CVE-2023-42793 Vulnerability in TeamCity: December 14, 2023 Update
On September 6, 2023, the Sonar team discovered a critical vulnerability in TeamCity On-Premises (CVE-2023-42793). TeamCity Cloud was not affected.
We subsequently investigated and fixed the issue, providing mitigation steps to our customers on September 18, 2023. Customers could either upgrade to a new version which contained the fix (2023.05.4), or apply a security patch plugin in case they could not upgrade to a new version.
Please see our previous public statements on the issue:
On December 13, 2023, the Cybersecurity & Infrastructure Security Agency of the U.S. Department of Homeland Security (CISA) released a public advisory describing new ways in which this vulnerability (CVE-2023-42793) has been exploited by Russian nation-state threat actors as of September 2023.
Please see this article by the Cybersecurity & Infrastructure Security Agency with a full breakdown of their findings including the technical details on the attack surface, techniques, indicators of compromise, and mitigation recommendations.
Our recommendations remain the same as before:
- If you haven’t already done so, please upgrade your TeamCity server to the fixed version (2023.05.4 or the latest 2023.11) or apply the security patch plugin if you are using an earlier version of TeamCity. Full details are provided in this blog post.
- If your server is publicly accessible over the internet and you are unable to update it or apply the security patch plugin immediately, we recommend temporarily making it inaccessible until the update or patch has been applied and you’ve investigated whether your TeamCity environment has been compromised.
- Independently of upgrading or applying the patch plugin, it is important to check whether your TeamCity instance has been exploited. To do this, we recommend that you:
  - Review the Indicators of Compromise (IOCs) and Detection Methods released by CISA. While these indicators should not be considered exhaustive for this observed activity, they do provide some insight.
  - Review the Microsoft Threat Intelligence Center team’s Indicators of Compromise (IOCs) to help investigate whether your Windows-based TeamCity environment (the server and build agents) has been compromised. These indicators should not be considered exhaustive for this observed activity.
While there is little probability of your instance having been exploited if you immediately upgraded or applied the patch when it was made available, given that the first recorded attacks took place in September 2023, we recommend you follow the above process to review your specific case.
If you have any concerns or questions about the CVE-2023-42793 vulnerability, please contact the TeamCity Support team by submitting a ticket.