Authentication Bypass in JetBrains TeamCity Allows Admin Actions

CVE-2024-27198
9.8CRITICAL

Key Information

Vendor
Jetbrains
Status
Teamcity
Vendor
CVE Published:
4 March 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC🟣 EPSS 97%📰 News Worthy

Summary

Two serious vulnerabilities, CVE-2024-27198 and CVE-2024-27199, have been discovered in the JetBrains TeamCity server. These vulnerabilities allow a remote, unauthenticated attacker to bypass authentication checks and gain administrative control of the server. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-27198 to its Known Exploited Vulnerabilities Catalog, indicating evidence of active exploitation. The vulnerabilities affect all TeamCity on-premises versions through 2023.11.3 and have been fixed in version 2023.11.4. Exploitation code is readily available online, and attackers have already compromised over 1,440 instances. It is recommended for users to update or patch their instances to protect against active threats.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-27198 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

TeamCity < 2023.11.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • 👾

    Exploit exists.

  • First article discovered by Help Net Security

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseCISA Database7 Proof of Concept(s)21 News Article(s)
.