JetBrains TeamCity Auth Bypass: Safeguarding Against Cozy Bear Exploits 

by | Feb 29, 2024 | RidgeBot

In the ever-evolving landscape of cybersecurity threats, another significant vulnerability has emerged—CVE-2023-42793 in JetBrains TeamCity. This vulnerability has recently gained attention due to its exploitation by a well-known Russian advanced persistent threat (APT) actor, Cozy Bear. The implications of this vulnerability are severe, as it allows unauthorized access to the TeamCity server, enabling the creation of a new admin user and password. 

Understanding CVE-2023-42793 

The crux of CVE-2023-42793 lies in its potential to compromise the authentication system of JetBrains TeamCity. The flaw lets threat actors, in this case Cozy Bear, gain administrative privileges without proper authentication. The consequences of such unauthorized access extend beyond the immediate server breach, potentially leading to data manipulation, theft, or even the disruption of critical operations.

CISA Advisory: Heightened Concerns 

The severity of the situation prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a joint government advisory on December 13th, 2023. The advisory serves as a warning to users about the active exploitation of CVE-2023-42793 by Cozy Bear. Organizations are urged to take immediate action to patch and secure their JetBrains TeamCity instances to mitigate the risk of falling victim to this threat. 

Strengthening Defenses with RidgeBot 

Just as we highlighted the importance of proactive cybersecurity measures in our previous blog post, the same principles apply to TeamCity. Ridge Security, a pioneer in cybersecurity solutions, has once again risen to the occasion. Our RidgeBot, already proven effective in identifying and addressing vulnerabilities in diverse digital landscapes, is now equipped to tackle CVE-2023-42793 in JetBrains TeamCity.

RidgeBot in Action: Detecting and Defending 

In Fig1, you can see RidgeBot in action as it identifies the TeamCity vulnerability. The comprehensive attack logs in Fig2 provide insights into the attempted exploits, and Fig3 showcases RidgeBot successfully demonstrating the unauthorized access by creating and deleting an admin user.

Fig1: RidgeBot identifies TeamCity vulnerability

Fig2: RidgeBot TeamCity Attack logs

Fig3: RidgeBot successfully demonstrates unauthorized access by creating and deleting an admin user 

Empower Your Defenses with RidgeBot 

In the face of evolving cyber threats orchestrated by sophisticated actors like Cozy Bear, it is essential to fortify your defenses. RidgeBot, with its cutting-edge capabilities, provides continuous automated testing and actionable insights to help organizations proactively strengthen their digital security.