- A critical security issue was recently identified in TeamCity On-Premises (initially discovered and reported to us by the team at Sonar).
- This critical security vulnerability has been assigned the CVE identifier CVE-2023-42793 and presents the weakness CWE-288.
- The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server.
- This vulnerability has been fixed in version 2023.05.4.
- We encourage all users to update their servers to the latest version.
- For those who are unable to do so, we have released a security patch plugin (details below).

A critical security issue was recently identified in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server. It has been assigned the CVE identifier CVE-2023-42793 and presents the weakness CWE-288 (Authentication Bypass Using an Alternate Path or Channel).

All versions of TeamCity On-Premises are affected by this critical security vulnerability. This issue does not impact TeamCity Cloud, and we have already upgraded TeamCity Cloud servers to the latest version.

We have fixed this vulnerability in version 2023.05.4, and have already notified our customers. We will also be releasing additional technical details of the vulnerability soon. In the meantime, we strongly advise all users of TeamCity On-Premises to update their servers to 2023.05.4 to mitigate the issue. To update your server, download the latest version (2023.05.4) or use the automatic update option within TeamCity.