{"id":391649,"date":"2023-09-21T17:25:59","date_gmt":"2023-09-21T16:25:59","guid":{"rendered":"https:\/\/blog.jetbrains.com\/teamcity\/2023\/09\/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now\/"},"modified":"2023-09-27T09:04:55","modified_gmt":"2023-09-27T08:04:55","slug":"critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now","status":"publish","type":"teamcity","link":"https:\/\/blog.jetbrains.com\/zh-hans\/teamcity\/2023\/09\/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now\/","title":{"rendered":"Critical Security Issue Affecting TeamCity On-Premises \u2013 Update to 2023.05.4 Now"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">Summary<\/h1>\n\n\n\n<ul>\n<li>A critical security issue was recently discovered in TeamCity On-Premises (originally found and reported to us by the <a href=\"https:\/\/www.sonarsource.com\/blog\/teamcity-vulnerability\/\" target=\"_blank\" rel=\"noopener\">Sonar<\/a> team).<\/li>\n\n\n\n<li>This critical security vulnerability has been assigned the CVE identifier <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-42793\" target=\"_blank\" rel=\"noopener\">CVE-2023-42793<\/a>, with the weakness <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/288.html\" target=\"_blank\" rel=\"noopener\">CWE-288<\/a>.<\/li>\n\n\n\n<li>This vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server.<\/li>\n\n\n\n<li>This vulnerability has been fixed in <strong>version 
2023.05.4<\/strong>.<\/li>\n\n\n\n<li>We would like all users to update their servers to the latest version.<\/li>\n\n\n\n<li>We have also released a security patch plugin for users who are unable to update (details below).<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\">Details<\/h1>\n\n\n\n<p>A critical security issue was recently discovered in TeamCity On-Premises. If abused, this flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server.<\/p>\n\n\n\n<p>All versions of TeamCity On-Premises are affected by this critical security vulnerability. It has been assigned the CVE identifier&nbsp;<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-42793\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-42793<\/a>, with the weakness&nbsp;<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/288.html\" target=\"_blank\" rel=\"noreferrer noopener\">CWE-288<\/a> (Authentication Bypass Using an Alternate Path or Channel). This issue does not affect TeamCity Cloud, and we have already upgraded TeamCity Cloud servers to the latest version.<\/p>\n\n\n\n<p><strong>We have fixed this vulnerability in version 
2023.05.4 and have notified our customers<\/strong>. We will also publish further technical details of this vulnerability as soon as possible. In the meantime, we strongly recommend that all TeamCity On-Premises users update their servers to 2023.05.4 to mitigate this issue.<\/p>\n\n\n\n<p><strong>To update your server, <\/strong><a href=\"https:\/\/www.jetbrains.com\/teamcity\/download\/other.html\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>download the latest version<\/strong><\/a><strong>&nbsp;(2023.05.4) or use the <\/strong><a href=\"https:\/\/www.jetbrains.com\/help\/teamcity\/upgrading-teamcity-server-and-agents.html#Automatic+Update\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>automatic update<\/strong><\/a><strong> option within TeamCity<\/strong>.<\/p>\n\n\n\n<p>If you are unable to update your server to 2023.05.4, we have also released a security patch plugin so that you can still patch your environment. The security patch plugin can be downloaded from one of the links below and installed on TeamCity 8.0+. It will patch the specific RCE vulnerability described above. For TeamCity 2019.2 and later, the plugin can be enabled without restarting the TeamCity server. For versions older than 2019.2, a server restart is required after the plugin has been installed.<\/p>\n\n\n\n<p>Security patch plugin: <a href=\"https:\/\/download.jetbrains.com\/teamcity\/plugins\/internal\/CVE-2023-42793-fix-recent-versions.zip\" target=\"_blank\" 
rel=\"noreferrer noopener\">for TeamCity 2018.2 to 2023.05.3<\/a>&nbsp;|&nbsp;<a href=\"https:\/\/download.jetbrains.com\/teamcity\/plugins\/internal\/CVE-2023-42793-fix-2018-1.zip\" target=\"_blank\" rel=\"noreferrer noopener\">for TeamCity 8.0 to 2018.1<\/a><\/p>\n\n\n\n<p><strong>Important<\/strong>: The security patch plugin only addresses the RCE vulnerability described above. We always recommend that users upgrade their servers to the latest version to benefit from many other security updates.<\/p>\n\n\n\n<p>If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until the mitigation actions have been completed.<\/p>\n\n\n\n<p>The full list of recently fixed security issues is available on the <a href=\"https:\/\/www.jetbrains.com\/privacy-security\/issues-fixed\/?product=TeamCity\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Fixed security issues<\/em><\/a> page of the JetBrains website. You can also <a href=\"https:\/\/www.jetbrains.com\/privacy-security\/subscribe\/\" target=\"_blank\" rel=\"noreferrer noopener\">subscribe<\/a> to receive email notifications about fixes across all JetBrains products.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Frequently asked questions<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Which versions are affected?<\/h2>\n\n\n\n<p>All versions prior to the patched version 
(2023.05.4) are affected by this issue. We recommend upgrading as soon as possible.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Is TeamCity Cloud affected?<\/h2>\n\n\n\n<p>This issue does not affect TeamCity Cloud, and we have already upgraded TeamCity Cloud servers to the latest version.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Can the fix be backported to our version?&nbsp;<\/h2>\n\n\n\n<p>We are not currently considering backporting. Please note that the plugin we have released mitigates this issue and is compatible with TeamCity 8.0+.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Support<\/h1>\n\n\n\n<p>If you have any questions about this issue or encounter problems upgrading, please contact the TeamCity Support team by <a href=\"https:\/\/teamcity-support.jetbrains.com\/hc\/en-us\/requests\/new?ticket_form_id=66621\" target=\"_blank\" rel=\"noreferrer noopener\">submitting a ticket<\/a>.<\/p>\n\n\n<p>Original English author of this blog post:<\/p>\n\n    <div class=\"about-author \">\n        <div class=\"about-author__box\">\n            <div class=\"row\">\n                <div class=\"about-author__box-img\">\n                    <img decoding=\"async\" src=\"https:\/\/secure.gravatar.com\/avatar\/?s=200&#038;r=g\" width=\"200\" height=\"200\" alt=\"\" loading=\"lazy\"  class=\"avatar avatar-200 wp-user-avatar wp-user-avatar-200 photo avatar-default\">\n                <\/div>\n                <div class=\"about-author__box-text\">\n                                                        <\/div>\n            <\/div>\n        <\/div>\n    
<\/div>\n","protected":false},"author":313,"featured_media":390097,"comment_status":"closed","ping_status":"closed","template":"","categories":[89],"tags":[76],"cross-post-tag":[],"acf":[],"_links":{"self":[{"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/teamcity\/391649"}],"collection":[{"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/teamcity"}],"about":[{"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/types\/teamcity"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/users\/313"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/comments?post=391649"}],"version-history":[{"count":5,"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/teamcity\/391649\/revisions"}],"predecessor-version":[{"id":391683,"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/teamcity\/391649\/revisions\/391683"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/media\/390097"}],"wp:attachment":[{"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/media?parent=391649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/categories?post=391649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/tags?post=391649"},{"taxonomy":"cross-post-tag","embeddable":true,"href":"https:\/\/blog.jetbrains.com\/zh-hans\/wp-json\/wp\/v2\/cross-post-tag?post=391649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}