December 6, 2023

The U.S. CISA added the JetBrains TeamCity flaw CVE-2023-42793 and Windows bug CVE-2023-28229 to its Known Exploited Vulnerabilities Catalog.

Below are the descriptions of the two vulnerabilities:

CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability. The vulnerability is an authentication bypass issue affecting the on-premises version of TeamCity. An attacker can exploit the flaw to steal source code and stored service secrets and private keys of the target organization. By injecting malicious code, an attacker can also compromise the integrity of software releases and impact all downstream users.

CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability. At the end of August, a cybersecurity researcher released the details and a proof-of-concept (PoC) exploit for this vulnerability. The vulnerability, which has a CVSS score of 7.0, could allow an attacker to gain specific limited SYSTEM privileges.

CISA orders federal agencies to fix this flaw by October 25, 2023.

This week the US CISA also added a use-after-free vulnerability, tracked as CVE-2023-4211, in the Arm Mali GPU Kernel Driver to the Catalog. CISA orders federal agencies
