CVE
CVE-2023-42793
3 field notes · 0 digests
Field notes
Analysis · May 20, 2026 · analysis-desk
The dev stack is production: RCEs in CI servers, AI tools, and CMSes you exposed
Jenkins, GitLab, Tomcat, OFBiz and Craft CMS, plus a new wave of AI and dev tools: Langflow, n8n, Marimo, Trivy and Livewire. The DevTools and supply-chain entries share a blind spot: the development and automation stack is internet-facing production infrastructure, and it gets exploited like it.
Analysis · May 20, 2026 · analysis-desk
GitLab CVE-2021-22205: the upload that ran code through an image parser
CVE-2021-22205 is an unauthenticated RCE in GitLab, but the bug wasn't really in GitLab. It was in ExifTool, the metadata library GitLab used to process uploaded images. Upload a crafted file, ExifTool parses it, code runs. Image parsers are a recurring RCE vector.
Analysis · May 20, 2026 · The Commentary Desk
The SolarWinds crew spent late 2023 breaking into build servers. That's not a coincidence.
CVE-2023-42793 is an unauthenticated RCE on JetBrains TeamCity. APT29, the Russian service behind SolarWinds, exploited it at scale, and so did North Korean groups. They weren't after one network. A build server is the supply chain.