Exploit for #VU80950 Authentication bypass using an alternate path or channel in TeamCity

Exploit for #VU80950 Authentication bypass using an alternate path or channel in TeamCity

Published: 2023-09-28 | Updated: 2024-02-27

Vulnerability identifier: #VU80950

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-42793

CWE-ID: CWE-288

Exploitation vector: Network

Exploits in database: 3

February 27, 2024
- GhostTown (Proof of Concept script to exploit CVE-2023-42793 (TeamCity)) [Github]
December 21, 2023
- CVE-2023-42793 (JetBrains TeamCity Authentication Bypass CVE-2023-42793 Exploit) [Github]
September 28, 2023
- JetBrains TeamCity Unauthenticated Remote Code Execution [Metasploit]

Impact: Code execution

Vulnerable software:
TeamCity
Web applications / CRM systems

Vendor: JetBrains s.r.o.