How to find TeamCity instances

By HD Moore

How to find TeamCity assets?

On September 20th, JetBrains announced a critical authentication bypass vulnerability that affects users running the TeamCity On-Premises product. The vulnerability is tracked as CVE-2023-42793 and is an instance of CWE-288 (Authentication Bypass Using an Alternate Path or Channel). Successful exploitation would allow an unauthenticated remote attacker to perform a Remote Code Execution (RCE) attack and gain administrative access to the underlying system.

What is JetBrains TeamCity?

TeamCity is a product that allows customers to combine the practices of Continuous Integration and Continuous Delivery (CI/CD) to build and deliver their software. This raises the importance of patching this vulnerability, since it would give an attacker a potential foothold in the supply chain of products built using the TeamCity On-Premises product. Although JetBrains provides a cloud-hosted instance of TeamCity, only customer-hosted instances, which include the Professional and Enterprise editions, are currently affected by the vulnerability.

Are updates available?

JetBrains has issued a patch for the vulnerability in revision 2023.05.4 and encourages all users to upgrade. For users who cannot immediately apply the update, a security patch plugin is also available. More information can be found on JetBrains' website.

How do I find potentially vulnerable versions of TeamCity with runZero?

TeamCity On-Premises assets can be found by navigating to the Asset Inventory and using the following pre-built query to locate TeamCity services on your network:

product:"TeamCity"

Results from the above query should be triaged to determine if they require patching or vendor intervention.
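
One way to triage the results by reported version against the fixed release 2023.05.4, shown as an added example that is not runZero's or JetBrains' code. The CSV layout, column names and sample rows are constructed assumptions; substitute the fields your own export contains.

```python
import csv
import io
import re

FIXED = (2023, 5, 4)  # first fixed release named on this page: 2023.05.4

# Constructed sample export. Column names and rows are assumptions for
# illustration, not runZero's actual export schema.
SAMPLE_EXPORT = """address,product,version
10.0.4.12,JetBrains TeamCity,2023.05.3
10.0.4.13,JetBrains TeamCity,2023.05.4
10.0.9.40,JetBrains TeamCity,2022.10.1 (build 117072)
10.0.9.41,JetBrains TeamCity,
10.0.9.42,JetBrains TeamCity,2023.11
"""

def parse_version(text):
    """Return (year, month, patch) from a TeamCity version string, or None."""
    m = re.search(r"\b(\d{4})\.(\d{1,2})(?:\.(\d+))?", text or "")
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def triage(export_text):
    """Map each TeamCity address to 'patch', 'ok' or 'review'."""
    result = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if "teamcity" not in row["product"].lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            status = "review"   # no version fingerprint: check the host by hand
        elif version < FIXED:
            # A version string cannot show whether the security patch plugin
            # is installed, so confirm that on the server before closing out.
            status = "patch"
        else:
            status = "ok"
        result[row["address"]] = status
    return result

if __name__ == "__main__":
    for address, status in triage(SAMPLE_EXPORT).items():
        print(f"{address}\t{status}")
```
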

As always, any prebuilt queries are available from your runZero console. Check out the documentation for other useful inventory queries.

Written by HD Moore

HD Moore is the co-founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
