CVE-2023-42793: JetBrains TeamCity Authentication Bypass Vulnerability.
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
- CISA KEV-listed (remediation due 2023-10-25)
- Used in ransomware campaigns
- EPSS 92.9% (99.8th percentile)
Detection rules
- Diamond Sleet APT DNS Communication Indicators (high)
- Diamond Sleet APT DLL Sideloading Indicators (high)
- Diamond Sleet APT Process Activity Indicators (high)
- Diamond Sleet APT Scheduled Task Creation - Registry (high)
- Diamond Sleet APT Scheduled Task Creation (critical)
- Diamond Sleet APT File Creation Indicators (high)
- Onyx Sleet APT File Creation Indicators (high)
- Security Tools Keyword Lookup Via Findstr.EXE (medium)