![]() In the meantime, we strongly advise all users of TeamCity On-Premises to update their servers to 2023.05.4 to mitigate the issue. We will also be releasing additional technical details of the vulnerability soon. We have fixed this vulnerability in version 2023.05.4, and have already notified our customers. This issue does not impact TeamCity Cloud, and we have already upgraded TeamCity Cloud servers to the latest version. It has been assigned the CVE identifier CVE-2023-42793 and presents the weakness CWE-288 (Authentication Bypass Using an Alternate Path or Channel). If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server.Īll versions of TeamCity On-Premises are affected by this critical security vulnerability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |