CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini October 05, 2023

The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains TeamCity flaw CVE-2023-42793 (CVSS score: 9.8) and a Windows bug (CVSS score: 7.0) to its Known Exploited Vulnerabilities catalog.

Below are the descriptions of the two vulnerabilities:

  • CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability. The vulnerability is an issue affecting the on-premises version of TeamCity. An attacker can exploit the flaw to steal source code and stored service secrets and private keys of the target organization. By injecting malicious code, an attacker can also compromise the integrity of software releases and impact all downstream users.
  • Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability. At the end of August a cybersecurity researcher published the details and a proof-of-concept (PoC) exploit for this vulnerability. The vulnerability, which has a CVSS score of 7.0, could allow an attacker to gain specific limited SYSTEM privileges.

According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by October 25, 2023.

This week the US CISA also added a Use-After-Free Vulnerability, tracked as , in Arm Mali GPU Kernel Driver to the Catalog. CISA orders federal agencies to fix this flaw by October 24, 2023.


(SecurityAffairs – hacking, Known Exploited Vulnerabilities catalog)


