CVE-2024-27198
In short
TeamCity versions before 2023.11.4 have an authentication bypass flaw that allows attackers to skip the login process and perform administrative actions without proper credentials.
Technical detail
An authentication bypass vulnerability in JetBrains TeamCity prior to 2023.11.4 (CWE-288) permits unauthenticated attackers to execute privileged administrative operations. The vulnerability requires network access to the TeamCity instance and results in complete compromise of system integrity and confidentiality.
Summary generated and translated by AI from the official description.
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
JetBrains · TeamCity
Public PoCs found — 19
github · github.com/W01fh4cker/CVE-2024-27198-RCE · ★ 157
github · github.com/yoryio/CVE-2024-27198 · ★ 37
github · github.com/Chocapikk/CVE-2024-27198 · ★ 36
github · github.com/Stuub/RCity-CVE-2024-27198 · ★ 36
github · github.com/K3ysTr0K3R/CVE-2024-27198-EXPLOIT · ★ 7
github · github.com/passwa11/CVE-2024-27198-RCE · ★ 3
github · github.com/geniuszly/CVE-2024-27198 · ★ 3
github · github.com/ptd200110/CVE-2024-27198-SOC-Lab · ★ 2
github · github.com/EynaExp/CVE-2024-27198-POC · ★ 1
github · github.com/CharonDefalt/CVE-2024-27198-RCE · ★ 1
github · github.com/HPT-Intern-Task-Submission/CVE-2024-27198 · ★ 0
github · github.com/rampantspark/CVE-2024-27198 · ★ 0
github · github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198- · ★ 0
github · github.com/jrbH4CK/CVE-2024-27198 · ★ 0
github · github.com/Cythonic1/CVE-2024-27198_POC · ★ 0
github · github.com/ArtemCyberLab/Project-Exploiting-CVE-2024-27198-RCE-Vulnerability · ★ 0
github · github.com/cmpnn-romain/CVE-2024-27198_Lab · ★ 0
github · github.com/Ne0zer01/CVE-2024-27198_LAB · ★ 0
exploitdb · www.exploit-db.com/exploits/52411 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.