[HN Gopher] CVE-2023-42793 Vulnerability in TeamCity: Post-Mortem
       ___________________________________________________________________
        
       CVE-2023-42793 Vulnerability in TeamCity: Post-Mortem
        
       Author : mikece
       Score  : 19 points
       Date   : 2023-09-28 20:22 UTC (2 hours ago)
        
 (HTM) web link (blog.jetbrains.com)
 (TXT) w3m dump (blog.jetbrains.com)
        
       | politelemon wrote:
       | The sonar blog post on the exploit explains it well.
       | https://www.sonarsource.com/blog/teamcity-vulnerability/
       | 
       | The middleware was not checking paths if they ended with /rpc2,
       | and incidentally there was an endpoint to create named tokens for
       | any user. So they created tokens named rpc2, which is an
       | indicator of compromise.
        
       ___________________________________________________________________
       (page generated 2023-09-28 23:01 UTC)