CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-27198

CVSS 9.8v3.1pub. 2024-03-04upd. 2025-10-24

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

🤖 AI Analysis
How it works

The vulnerability, classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel), allows bypassing authentication mechanisms in the TeamCity admin panel. An attacker can remotely send a specially crafted HTTP request without possessing an account or any credentials, which the application treats as authorized. As a result, the attacker gains the ability to perform full administrative operations on the CI/CD server.

Impact

An attacker can gain full administrative control over the TeamCity server — creating unauthorized user accounts, modifying CI/CD pipeline configurations, stealing secrets and access tokens, and potentially introducing malicious code into software build processes. Compromising a CI/CD server can lead to supply chain attacks.

Mitigation & patch

JetBrains TeamCity must be immediately updated to version 2023.11.4 or later. Detailed information is available on the vendor's website: https://www.jetbrains.com/privacy-security/issues-fixed/

Who is affected

JetBrains TeamCity in all versions prior to 2023.11.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jetbrains Teamcity

    APP
    Jetbrains
    < 2023.11.4

CISA KEV — detailsi

Vendori
JetBrains
Producti
TeamCity
Added to KEVi
March 7, 2024
Remediation deadline (US Federal)i
March 28, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 28 marca 2024
Tags
Auth BypassCI/CD
CWE
References

Related vulnerabilities

CVE-2023-42793CRITICAL9.8⚠ KEVten sam produkt

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CVE-2024-23917CRITICAL9.8PL ✓ten sam produkt

JetBrains TeamCity: Authentication Bypass umożliwiający RCE

CVE-2023-34218CRITICAL9.1ten sam produkt

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possibl...

CVE-2022-24331CRITICAL9.8ten sam produkt

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

CVE-2022-24340CRITICAL9.8ten sam produkt

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.