admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create JetBrains_TeamCity_remote_command_execution_vulnerability.md

Browse Source
This commit is contained in:
Goby 2023-10-13 15:33:16 +08:00 committed by GitHub
parent 9300fc290d
commit 42897d9cbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
JetBrains_TeamCity_remote_command_execution_vulnerability.md Normal file
View File

@ -0,0 +1,12 @@
## JetBrains TeamCity remote command execution vulnerability (CVE-2023-42793)
| **Vulnerability** | JetBrains TeamCity remote command execution vulnerability (CVE-2023-42793) |
| :----: | :-----|
| **Chinese name** | JetBrains TeamCity 远程命令执行漏洞CVE-2023-42793 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="JET_BRAINS-TeamCity"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJUZWFtY2l0eSIgfHwgYmFubmVyPSJUZWFtY2l0eSIgfHwgdGl0bGU9IlRlYW1DaXR5IiB8fCBib2R5PSJjb250ZW50PVwiVGVhbUNpdHkgKExvZyBpbiB0byBUZWFtQ2l0eSI%3D)|
| **Number of assets affected** | 26963 |
| **Description** | JetBrains TeamCity is a general CI/CD software platform developed by JetBrains.JetBrains TeamCity can obtain the valid token of the corresponding id user by accessing the /app/rest/users/{{id}}/tokens/RPC2 endpoint. Accessing the restricted endpoint with the admin token will cause remote command execution or the creation of a background administrator user. |
| **Impact** | JetBrains TeamCity can obtain the valid token of the corresponding id user by accessing the /app/rest/users/{{id}}/tokens/RPC2 endpoint. Accessing the restricted endpoint with the admin token will cause remote command execution or the creation of a background administrator user. |
![](https://s3.bmp.ovh/imgs/2023/10/13/d46d67aca09ab4ae.gif)