TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793
released on 2024-01-23 @ 05:01:09 PM
On September 6, 2023, researchers from Sonar discovered a critical vulnerability in TeamCity On-Premises (CVE-2023-42793[1]).[2] TeamCity is a build management and continuous integration server from JetBrains[3]. On September 27, 2023, Rapid7 released a public exploit for this vulnerability[4]. The vulnerability was given a CVSS score of 9.8, most likely because an attacker can use the publicly available exploit without authentication to achieve remote code execution on the victim server, using a basic web request to any accessible web server hosting the vulnerable application. The vulnerability has been observed being actively exploited in the wild and was added to CISA's 'Known Exploited Vulnerabilities Catalog' on October 4, 2023.