Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

Unauthenticated attackers may use a significant security flaw in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software to execute remote code on vulnerable systems. Following a responsible disclosure on September 6, 2023, the bug, tracked as CVE-2023-42793, was fixed in TeamCity version 2023.05.4 with a CVSS score of 9.8.

In a study published this week, Sonar security researcher Stefan Schiller stated that “attackers could use this access to steal source code, service secrets, and private keys, take control over attached build agents, and poison build artifacts.” If the problem is successfully exploited, threat actors may be able to enter the build pipelines and insert arbitrary code, breaching system integrity and compromising the supply chain.

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

26-Sep-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address