A critical security vulnerability has been identified in JetBrains TeamCity, widely used continuous integration and continuous deployment (CI/CD) software. The flaw, tracked as CVE-2023-42793, has a CVSS score of 9.8 and could allow unauthenticated attackers to execute code remotely on affected systems. Successful exploitation could have severe consequences, including data theft, exposure of service secrets, and takeover of build agents.
Security researcher Stefan Schiller from Sonar reported the vulnerability and highlighted the potential risks, including compromised build pipelines and supply chain compromise. Because of the threat it poses, details of the bug have been partially withheld to prevent exploitation by threat actors.
JetBrains has responded promptly by releasing TeamCity version 2023.05.4, which addresses the vulnerability. They have also provided a security patch plugin for older TeamCity versions.
This security concern emerges alongside the disclosure of two high-severity flaws in Atos Unify OpenScape products, emphasizing the ongoing challenges of software vulnerabilities. With security researchers uncovering critical issues in various software systems, the importance of timely updates and patches remains paramount to safeguarding sensitive data and systems from cyber threats.