一、 漏洞 CVE-2023-42793 基础信息
漏洞标题
N/A
来源:AIGC 神龙大模型
漏洞描述信息
在 JetBrains TeamCity 2023.05.4 之前,可能通过在 TeamCity 服务器上绕过验证导致 RCE。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
认证机制不恰当
来源:AIGC 神龙大模型
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
使用候选路径或通道进行的认证绕过
来源:美国国家漏洞数据库 NVD
漏洞标题
JetBrains TeamCity 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
JetBrains TeamCity是捷克JetBrains公司的一套分布式构建管理和持续集成工具。该工具提供持续单元测试、代码质量分析和构建问题分析报告等功能。 JetBrains TeamCity 2023.05.4之前版本存在安全漏洞,该漏洞源于攻击者可以绕过身份验证,导致在 TeamCity 服务器上执行RCE 。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2023-42793 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | CVE-2023-42793 | https://github.com/H454NSec/CVE-2023-42793 | POC详情 |
| 2 | PoC of CVE-2023-42793 | https://github.com/Zenmovie/CVE-2023-42793 | POC详情 |
| 3 | TeamCity JetBrains PoC (CVE-2023-42793) | https://github.com/WhiteOwl-Pub/PoC-JetBrains-TeamCity-CVE-2023-42793 | POC详情 |
| 4 | proof of concept of CVE-2023-42793 vulnerability in TeamCity JetBrains | https://github.com/WhiteOwl-Pub/JetBrains-PoC-CVE-2023-42793 | POC详情 |
| 5 | None | https://github.com/johnossawy/CVE-2023-42793_POC | POC详情 |
| 6 | Proof of Concept script to exploit CVE-2023-42793 (TeamCity) | https://github.com/StanleyJobsonAU/GhostTown | POC详情 |
| 7 | Just for fun | https://github.com/St0rm-85/CVE-2023-42793 | POC详情 |
| 8 | JetBrains TeamCity Unauthenticated Remote Code Execution - Python3 Implementation | https://github.com/hotplugin0x01/CVE-2023-42793 | POC详情 |
| 9 | JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE), CVE-2023-42793 | https://github.com/Zyad-Elsayed/CVE-2023-42793 | POC详情 |
| 10 | TeamCity CVE-2023-42793 exploit written in Rust | https://github.com/junnythemarksman/CVE-2023-42793 | POC详情 |
| 11 | TeamCity RCE for Linux (CVE-2023-42793) | https://github.com/HusenjanDev/CVE-2023-42793 | POC详情 |
| 12 | TeamCity CVE-2023-42793 RCE (Remote Code Execution) | https://github.com/FlojBoj/CVE-2023-42793 | POC详情 |
| 13 | None | https://github.com/whoamins/CVE-2023-42793 | POC详情 |
| 14 | teamcity-exploit-cve-2023-42793 | https://github.com/SwiftSecur/teamcity-exploit-cve-2023-42793 | POC详情 |
| 15 | JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE), CVE-2023-42793 | https://github.com/B4l3rI0n/CVE-2023-42793 | POC详情 |
| 16 | TeamCity server scanner to detect CVE-2023-42793 | https://github.com/becrevex/CVE-2023-42793 | POC详情 |
| 17 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-42793.yaml | POC详情 |
| 18 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Jetbrains%20TeamCity%20%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-42793.md | POC详情 |
| 19 | https://github.com/vulhub/vulhub/blob/master/teamcity/CVE-2023-42793/README.md | POC详情 | |
| 20 | None | https://github.com/jakehomb/cve-2023-42793 | POC详情 |
三、漏洞 CVE-2023-42793 的情报信息
-
标题: Fixed security issues -- 🔗来源链接
标签:
- https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/
- http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html
- https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793
- https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/
- https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/
-
标题: Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity | Sonar -- 🔗来源链接
标签:
- https://nvd.nist.gov/vuln/detail/CVE-2023-42793