Help
FortiDAST
FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
rdiwakar
Staff
Staff

Created on ‎04-16-2024 02:17 AM

Article Id 309966

Outbreak Alert: JetBrains TeamCity Authentication Bypass Attack

Description

In CVE-2023-42793, authentication bypass vulnerability in JetBrains TeamCity that affects all versions before 2023.05.4. This vulnerability is located in the "RequestInterceptors" and can lead to RCE on TeamCity Server.

This article describes the assessment of authentication bypass vulnerability in JetBrains TeamCity.
Scope FortiDAST Scripting Engine updated in version 24.1
Solution

Detection against that vulnerability is empowered by the FortiDAST Scripting Engine (FSE).

This technology enables FortiDAST to assess remotely with a high level of confidence if an asset is vulnerable to a specific vulnerability by testing the disarmed exploit against the asset itself.

To configure the scan, it will be necessary to enable the FSE group signature 'jetbrains' which will select the underlying script: ‘CVE-2023-42793 JetBrains TeamCity Authentication Bypass Attack.’

For reference, a step-by-step guide on how to configure FortiDAST to trigger FSE can be found on Fortinet’s blog:
https://www.fortinet.com/blog/business-and-technology/fortipentest-exploit-engine-a-new-security-ars...
126
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.