TeamCity Authentication Bypass (CVE-2023-42793)
Description
TeamCity versions prior to the patched release contain a critical authentication bypass vulnerability (CVE-2023-42793) that allows remote attackers to circumvent authentication controls using specially crafted HTTP requests. This vulnerability affects the web-based continuous integration and deployment platform, enabling unauthorized access without requiring valid credentials. The flaw stems from improper authentication implementation that can be exploited to gain administrative privileges.
Remediation
Take immediate action to remediate this critical vulnerability:
1. Upgrade TeamCity immediately to version 2023.05.4 or later if using the 2023.05.x branch, or to the latest available version for your release branch. Consult the JetBrains security advisory for specific version requirements.
2. Review access logs for suspicious authentication attempts or unusual administrative actions that may indicate prior exploitation. Look for unexpected API calls or configuration changes.
3. Rotate credentials including all passwords, API tokens, and SSH keys stored within TeamCity, as they may have been compromised.
4. Audit recent changes to build configurations, projects, and user accounts to identify any unauthorized modifications.
5. Implement network segmentation to restrict TeamCity access to trusted networks and consider placing the server behind a VPN or firewall with strict access controls.
If immediate patching is not possible, temporarily restrict network access to the TeamCity server to trusted IP addresses only until the upgrade can be completed.