TeamCity authentication bypass and remote code execution

Last updated at Mon, 20:33:29 GMT

This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource, and the Metasploit module was developed by Rapid7’s Principal Security Researcher Stephen Fewer who additionally published a technical analysis on AttackerKB for CVE-2023-42793. A Rapid7 TeamCity customer advisory has also been released with details on mitigation guidance. This exploit works against both Windows and Linux targets.

Example usage:

    msf6 exploit(multi/http/jetbrains_teamcity_rce_cve_2023_42793) > show options

    Module options (exploit/multi/http/jetbrains_teamcity_rce_cve_2023_42793):

       Name                     Current Setting  Required  Description
       Proxies                                   no        A proxy chain of format type:host:port
       SSL                      false            no        Negotiate SSL/TLS for outgoing connections
       TEAMCITY_ADMIN_ID        1                yes       The ID of an administrator account to authenticate as
       TEAMCITY_CHANGE_TIMEOUT  30               yes       The timeout to wait for the changes to be applied
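For patch triage, the version boundary stated above (everything prior to 2023.05.4 is vulnerable) can be applied to an inventory of TeamCity servers. This is an added example, not code from Rapid7 or the Metasploit module; the host names, build numbers and inventory format are constructed, and the version-string shapes it accepts are an assumption.

```python
import re

# Fixed release named in the text above: anything older is vulnerable.
FIXED = (2023, 5, 4)

# Accepts "2023.05.3", "2023.05", older numbering such as "10.0.5", and
# strings with surrounding text such as "TeamCity ... 2023.05.4 (build N)".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_version(text):
    """Return (major, minor, patch) from a reported version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    # A two-part version ("2023.05") is the first release of that line: patch 0.
    return (int(major), int(minor), int(patch or 0))


def classify(text):
    """Classify one reported version as 'vulnerable', 'fixed' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never treat an unparseable version as patched
    return "vulnerable" if version < FIXED else "fixed"


def triage(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts, made-up build numbers).
SAMPLE = {
    "ci-01.example.internal": "TeamCity Professional 2023.05.3 (build 100001)",
    "ci-02.example.internal": "2023.05.4",
    "ci-03.example.internal": "2022.10.4",
    "ci-04.example.internal": "2023.05",
    "ci-05.example.internal": "2023.11.1",
    "ci-06.example.internal": "10.0.5",
    "ci-07.example.internal": "version unavailable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` need a manual check rather than being counted as patched.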