"Recently Patched TeamCity Vulnerability Exploited to Hack Servers"

According to security researchers at GreyNoise, in-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server started just days after the availability of a patch was announced. The vulnerability, tracked as CVE-2023-42793, impacts the on-premises version of TeamCity and allows an unauthenticated attacker with access to a targeted server to achieve remote code execution and gain administrative control of the system. JetBrains announced the release of TeamCity 2023.05.4, which patches the flaw, on September 21. The researchers saw the first exploitation attempts on September 27, with a peak seen the following day. As of October 1, the researchers have seen attack attempts coming from 56 unique IP addresses. A different threat intelligence company, Prodaft, reported seeing “many popular ransomware groups” targeting CVE-2023-42793. Prodaft scanned the internet for vulnerable TeamCity servers and identified nearly 1,300 unique IPs, with the highest percentage located in the United States, followed by Germany, Russia, and China. The researchers are urging users of TeamCity to update their installation as soon as possible.

 

SecurityWeek reports: "Recently Patched TeamCity Vulnerability Exploited to Hack Servers"

Submitted by Adam Ekwall on