Server hijacking likely with exploitation of critical TeamCity vulnerability

Attackers could remotely leverage a critical TeamCity CI/CD server vulnerability to facilitate arbitrary code execution and server takeovers, according to SecurityWeek. Successful exploitation of the authentication bypass flaw, tracked as CVE-2023-42793, could be conducted through an HTTP(S) connection even without user interaction, said SonarSource, which discovered the bug. "This enables attackers not only to steal source code but also stored service secrets and private keys. And its even worse: With access to the build process, attackers can inject malicious code, compromising the integrity of software releases and impacting all downstream user," SonarSource added. Meanwhile, JetBrains, which developed TeamCity, urged immediate application of patches for all on-premises TeamCity instances up to version 2023.05.3 but emphasized that no TeamCity cloud instances are vulnerable to the flaw. TeamCity versions 8.0 and above have also been given a security patch plugin addressing the vulnerability. "We always recommend users upgrade their servers to the latest version to benefit from many other security updates," JetBrains said.