How to Fix CVE-2023-42793- A Critical Authentication Bypass Vulnerability in TeamCity?

Recently, security researcher Stefan Schiller from Sonar disclosed a critical remote code execution (RCE) vulnerability in the popular Continuous Integration and Continuous Deployment (CI/CD) platform TeamCity. On September 26, 2023, JetBrains, the company behind TeamCity, published an advisory about this vulnerability tracked as CVE-2023-42793.

This is an authentication bypass flaw in TeamCity that could allow an unauthenticated, remote attacker to gain administrative access and take complete control of the TeamCity server. If exploited, this vulnerability enables the attacker to steal source code, secrets, and private keys and tamper with the build process to inject malicious code into software releases, which would impact all downstream users.

According to the NIST National Vulnerability Database (NVD), this vulnerability has a CVSS v3 base score of 9.8 (critical severity) and presents the weakness CWE-288 (authentication bypass using an alternate path or channel).

This blog post will cover what are CI/CD pipelines, give an overview of TeamCity, provide a summary of CVE-2023-42793, learn which TeamCity versions are impacted, and discuss how to fix CVE-2023-42793 vulnerability in this blog post.

What Are CI/CD Pipelines?

CI/CD pipelines automate the process of building, testing, and deploying applications. The continuous integration (CI) stage integrates code changes from developers into a shared repository frequently, checks for errors, and runs automated tests. If all test cases pass, the continuous delivery (CD) stage deploys the build artifact to production or staging environments.

CI/CD enables rapid and reliable software releases by catching issues early through automated testing and preventing bad code from going live. With CI/CD, developers can focus on writing code rather than wasting time on manual build and deployment processes. Leading tech companies rely heavily on CI/CD pipelines to achieve faster release cycles and remain competitive.

A Short Introduction of TeamCity and Its Key Features

TeamCity is a popular Java-based CI/CD server from JetBrains used by over 300,000 developers worldwide. It integrates with version control systems like Git, Mercurial, SVN, and Perforce to detect code changes and automatically build, test, and deploy applications.

Some key features of TeamCity include:

The Summary of CVE-2023-42793

CVE-2023-42793 stems from an authentication bypass vulnerability in TeamCity that enables an unauthenticated, remote attacker to bypass authentication and gain arbitrary code execution on the TeamCity server with administrative privileges.

Source: Sonar

According to the NVD, it has been assigned a CVSS v3 base score of 9.8 (critical severity) based on these metrics:

Successful exploitation of this flaw allows an attacker to steal source code, secrets, and private keys, tamper with the build process, and take full control of the TeamCity server.

TeamCity Versions Vulnerable to CVE-2023-42793

As per JetBrains’ advisory, all versions of TeamCity prior to 2023.05.4 are affected by CVE-2023-42793. This includes TeamCity versions 2022.04.x, 2022.10.x, and 2023.04.x which have not yet been patched against this critical authentication bypass vulnerability.

How to Fix CVE-2023-42793?

JetBrains has addressed this critical vulnerability by releasing TeamCity version 2023.05.4 with the fix for CVE-2023-42793. So it is strongly recommended to update your TeamCity servers to this latest patched release.

Additionally, JetBrains has also provided a security patch plugin that specifically mitigates the CVE-2023-42793 vulnerability in older TeamCity versions like 8.0+ that cannot be immediately upgraded.

While the patch plugin will protect against attacks attempting to exploit this specific flaw, upgrading to the latest TeamCity version is always preferable to get all security enhancements.

Here are the step-by-step instructions to upgrade your TeamCity server to the fixed version 2023.05.4:

Following these steps will ensure that CVE-2023-42793 is fully fixed in your TeamCity installation by upgrading to the patched release. Keeping your CI/CD platform updated is crucial for security.

Conclusion

In conclusion, CVE-2023-42793 is a critical severity authentication bypass vulnerability in TeamCity that lead to a remote code execution. If your servers are internet-facing and you cannot patch immediately, restrict access to mitigate attacks. All TeamCity users should update to version 2023.05.4 or install the patch plugin as soon as possible to fully fix this vulnerability. Keeping your CI/CD platforms up-to-date with security patches is crucial to prevent takeovers and supply chain attacks.

Regularly patching and upgrading your web-facing applications is the most effective way to improve your security posture. Old, unmaintained software riddled with known vulnerabilities poses an unacceptable risk in today’s threat landscape. CI/CD platforms like TeamCity, which hold the keys to your source code and releases, are particularly appealing targets that call for extra vigilance.

While this news may be unsettling, the good part is that JetBrains has provided actionable solutions to fix the flaw. Stay calm, backup your data, test upgrades, and apply the mitigations. With some care and planning, TeamCity users can ensure their environments are no longer vulnerable to CVE-2023-42793 attacks.

We hope this post helps you know how to fix CVE-2023-42793, a critical critical authentication bypass vulnerability in TeamCity. Thanks for reading this post. Please share this post and help secure the digital world. Visit our website thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive updates like this.