CVE-2023-42793 Vulnerability

Hi

I have installed CVE-2023-42793-fix-recent-versions last Oct as I can't upgrade our teamcity to latest version. 

I saw the new warnings that this plugin has been exploited. Is there any new plugin to fix the issue so I can install it until , we get our systems ready for upgrade?

I really appreciate any help and advice.

 

Thank you very much

Kati

0
11 comments

Hi, where do you see these warnings? 

0

Hi

 

On your website, I saw this

On December 13, 2023 the Cybersecurity & Infrastructure Security Agency of the U.S. Department of Homeland Security (CISA) released a public advisory, in which they shared new ways in which this vulnerability (CVE-2023-42793) has been exploited by Russian nation-state threat actors as of September 2023.

Last October, I installed ‘CVE-2023-42793-fix-recent-versions’ because I could not upgarde our teamcity.

We have version 2022.04.10 and I need to upgrade some other softwares before I upgrade Teamcity to 2023.05.

I just need to know, is there any new plugin to fix the vulnerability?

 

Thank you

Kati

0

Hi Kati,

On December 13, 2023 the Cybersecurity & Infrastructure Security Agency of the U.S. Department of Homeland Security (CISA) released a public advisory, in which they shared new ways in which this vulnerability (CVE-2023-42793) has been exploited by Russian nation-state threat actors as of September 2023.

It's the same vulnerability, not a new one, so if you installed the patch plugin, then your TeamCity installation is safe and you don't need to upgrade. 

0

Thank you very much for clarification.

I am planning to upgrade Teamcity to 2023.05.04 version.

I have 

DotNet3.4, 4.5  and 4.6

Git 2.42

Jreg 8

Nodjs 18.8

Should I upgrade any of this before upgrading Teamcity to 2023.05.04 or is it safe if I upgrade Teamcity and then upgrade these later?

Thank you

Kati

0

It should be safe to update TeamCity, please go ahead and ask any questions you may have

0

Thank you very much

0

Hi Dmitry

I upgraded teamcity to 2023.05.4 yesterday. Thank you for your help.

I have Jre8.0.341 on 3 TC agents.

I want to upgrade it to version 11. I am new in this area so I really appreciate if you you help me to  correct direction.

I need to know what is the version 11. Is there any Jre11? Where can I download it? Any URL? My server is 64bit.

Is there anything, I should be aware before installing version 11 of JRe?

Thank you very much

Kati

 

0

Hi Kati,

Please read the following documentation https://www.jetbrains.com/help/teamcity/configure-java-for-agent.html, it describes how to install java on the agents

0

Good morning

I received an email about the security vulnerabilities.

We have Teamcity, on-premises 2023.05.

Recently, I installed the plugin security_patch_2024_02. I checked your website and I don't see any newer plugin.

Is there any new plugin that I have to install or I MUST upgrade our teamcity to 2023.11.

I really appreciate your help and advice.

 

Thank you

Kati

0

Any answer please?

0

Hi, please upgrade to 2023.05.5 release, more details are in the blog post we published https://blog.jetbrains.com/teamcity/2024/05/teamcity-major-bug-fix-release-for-all-versions/

0

Please sign in to leave a comment.