CVE-2023-42793 - JetBrains TeamCity RCE
A critical security vulnerability (CVE-2023-42793) was disclosed in JetBrains' CI/CD platform TeamCity on September 21, 2023. The vulnerability has a CVSS score of 9.8 and can lead to Remote Code Execution (RCE) attacks by bypassing authentication. Users are urged to update to the latest version to avoid potential attacks. Nuclei Templates v9.6.5, released on October 11, 2023, includes a template for checking if this vulnerability exists in your assets.

Technical details of the vulnerability include:

1. TeamCity uses request interceptors for various actions, including authorization mechanisms.
2. A specific interceptor checks if incoming request paths match predefined expressions, exempting matching paths from pre-handling, including authorization checks.
3. One excluded path expression, "/\*\*/RPC2", allows any request ending with /RPC2 to bypass authorization.
4. Attackers can exploit this by creating an authentication token for any user via the request POST /app/rest/users/ /tokens/RPC2.
5. The response provides an authentication token for the specified user, granting them application access.
6. A debug API endpoint allowed arbitrary process execution when the rest.debug.processes.enable property was set to true by an Admin user, followed by a config reload resulting in arbitrary code execution on the server.

The vulnerability was reported on September 6, confirmed on September 14, fixed on September 18, and publicly announced on September 21. JetBrains released a fix in version 2023.05.4 of TeamCity. Users are advised to upgrade their TeamCity instance to version 2023.05.4 or later to patch this vulnerability.

CVEs: CVE-2023-29357, CVE-2023-42793

[View Article](https://blog.projectdiscovery.io/cve-2023-42793-vulnerability-in-jetbrains-teamcity/)
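
For defenders checking whether the request described in steps 3 to 5 reached a server, the following added example (not from the original article or from JetBrains) scans access-log lines for REST paths ending in /RPC2. The log format, the sample lines, the USER_PLACEHOLDER and PLACEHOLDER path segments, and the rule that a 2xx status means a token was returned are all assumptions.

```python
import re
from urllib.parse import unquote

# Request fields of a Common/Combined Log Format line. Assumption: a reverse
# proxy in front of TeamCity writes this format; adjust for your own logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Token-creation request from the write-up; the user segment is matched generically.
TOKEN_RE = re.compile(r'/app/rest/users/[^/]+/tokens/RPC2$')

def normalize(target):
    """Reduce a request target to a canonical path before matching."""
    path = target.split('?', 1)[0]        # drop the query string
    path = unquote(path)                  # decode %xx, e.g. RPC%32 -> RPC2
    path = re.sub(r';[^/]*', '', path)    # drop ;path-parameters (conservative)
    path = re.sub(r'/{2,}', '/', path)    # collapse duplicate slashes
    return path.rstrip('/') or '/'

def classify(line):
    """Return (ip, label, path) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = normalize(m['target'])
    if '/app/rest/' not in path or not path.endswith('/RPC2'):
        return None
    if m['method'] == 'POST' and TOKEN_RE.search(path):
        # Assumption: a 2xx status means the server answered with a token.
        label = 'token-issued' if m['status'].startswith('2') else 'token-attempt'
    else:
        label = 'rest-path-ending-rpc2'
    return (m['ip'], label, path)

def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, placeholder path segments).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2023:10:00:00 +0000] "POST /app/rest/users/USER_PLACEHOLDER/tokens/RPC2 HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Oct/2023:10:05:00 +0000] "POST /app/rest/users/USER_PLACEHOLDER/tokens/RPC%32;x=1?y=2 HTTP/1.1" 403 0',
    '198.51.100.7 - - [01/Oct/2023:10:06:00 +0000] "GET /app/rest//PLACEHOLDER/RPC2/ HTTP/1.1" 200 90',
    '203.0.113.5 - - [01/Oct/2023:10:07:00 +0000] "POST /RPC2 HTTP/1.1" 200 120',
    '203.0.113.5 - - [01/Oct/2023:10:08:00 +0000] "GET /app/rest/PLACEHOLDER HTTP/1.1" 200 500',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A `token-issued` hit on a server that ran a version earlier than 2023.05.4 is the case to investigate first.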