CVERadar

CVE-2024-27198

High Severity
Vendor: JetBrains
SVRS: 50/100
CVSSv3: 9.8/10
EPSS: 0.94579/1

CVE-2024-27198 is a critical authentication bypass vulnerability in JetBrains TeamCity. The flaw allows attackers to perform administrative actions without proper authentication, posing a severe risk to affected systems. Although its SVRS of 50 is below the critical threshold (above 80), CVE-2024-27198 still presents a substantial threat because of its potential for unauthorized access and control. Given the availability of active exploits and its presence on the CISA KEV list, immediate patching is strongly recommended. Exploitation could lead to complete system compromise, data breaches, and significant operational disruption. Organizations using vulnerable versions of JetBrains TeamCity should prioritize applying the necessary updates to mitigate this risk. The vulnerability highlights the importance of regular security assessments and prompt patching to protect against evolving cyber threats.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-03-04

2025-02-13
SOCRadar AI Insight

Description:

CVE-2024-27198 is a critical vulnerability in JetBrains TeamCity before 2023.11.4 that allows an attacker to bypass authentication and perform administrative actions. The vulnerability has a CVSS score of 9.8 and a SOCRadar Vulnerability Risk Score (SVRS) of 99, indicating its severe and urgent nature.

Key Insights:

  • Authentication Bypass: The vulnerability allows attackers to bypass authentication mechanisms and gain unauthorized access to TeamCity, potentially leading to sensitive data compromise or system disruption.
  • Administrative Privileges: After bypassing authentication, attackers can perform administrative actions, including creating and modifying users, projects, and build configurations.
  • Active Exploits: Active exploits have been published, making it likely that attackers are actively exploiting the vulnerability.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the vulnerability, urging organizations to take immediate action.

Mitigation Strategies:

  • Update TeamCity: Install the latest version of TeamCity (2023.11.4 or later) to patch the vulnerability.
  • Enable Two-Factor Authentication: Implement two-factor authentication for all TeamCity users to add an extra layer of security.
  • Restrict Access: Limit access to TeamCity to only authorized users and implement role-based access controls to prevent unauthorized actions.
  • Monitor for Suspicious Activity: Regularly monitor TeamCity logs and activity for any suspicious behavior or unauthorized access attempts.

Indicators of Compromise


Exploits

Title | Software Link | Date
Cythonic1/CVE-2024-27198_POC | https://github.com/Cythonic1/CVE-2024-27198_POC | 2024-10-14
geniuszly/CVE-2024-27198 | https://github.com/geniuszly/CVE-2024-27198 | 2024-10-09
Ostorlab/KEV | https://github.com/Ostorlab/KEV | 2022-04-19
Pypi-Project/RCity-CVE-2024-27198 | https://github.com/Pypi-Project/RCity-CVE-2024-27198 | 2024-08-12
yoryio/CVE-2024-27198 | https://github.com/yoryio/CVE-2024-27198 | 2024-03-05
geniuszlyy/CVE-2024-27198 | https://github.com/geniuszlyy/CVE-2024-27198 | 2024-10-09
hcy-picus/emerging_threat_simulator | https://github.com/hcy-picus/emerging_threat_simulator | 2024-03-06

News

ISC StormCast for Tuesday, March 5th, 2024
Dr. Johannes B. Ullrich, 2024-03-05
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TAPs at Home; TeamCity Vuln; GitHub Push Protections; Android Update; Linksys Bug
Capturing DShield Packets with a LAN Tap https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708
Additional Critical Security Issues Affecting Teamcity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
GitHub Push Protection Now On By Default https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
Android Updates
sans.edu

23 Vulnerabilities in Black Basta’s Chat Logs Exploited in the Wild, Including PAN-OS, Cisco IOS, & Exchange
Guru Baran, 2025-02-27
GreyNoise has confirmed active exploitation of 23 out of 62 vulnerabilities referenced in internal chat logs attributed to the Black Basta ransomware group. These vulnerabilities span enterprise software, security appliances, and widely deployed web applications, with several critical flaws exploited as recently as the past 24 hours. The findings underscore the persistent targeting of known […] The post 23 Vulnerabilities in Black Basta’s Chat
cybersecuritynews.com

5 commercial software attacks — and what you can learn from them
Jaikumar Vijayan, 2024-10-09
Enterprise organizations in recent years have come to recognize that attacks targeting software supply chains are a major threat. But the focus has been on
reversinglabs.com

1.791
2024-12-17
Newly Added (13): Security Vulnerabilities fixed in Adobe ColdFusion APSB24-14; Cleo Harmony CVE-2024-50623 Remote Code Execution Vulnerability; Cleo LexiCom CVE-2024-50623 Remote Code Execution Vulnerability; Cleo VLTrader CVE
fortiguard.com

Metasploit Weekly Wrap-Up 11/22/2024
Spencer McIntyre, 2024-11-22
Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. Learn more about this week's Metasploit Wrap-Up. JetBrains TeamCity Login Scanner: Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities
rapid7.com

CVE-2024-27198 | JetBrains TeamCity up to 2023.11.3 authentication bypass
vuldb.com, 2024-11-29
A vulnerability classified as critical has been found in JetBrains TeamCity. Affected is an unknown function. The manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2024-27198. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Ransomware recap: Top threat actors, exploited vulnerabilities in H1 2024 - scworld.com
2024-08-14
The ransomware landscape in the first half of 2024 saw a slight increase in claimed attacks year-over-year, a shakeup in the top six most prolific ransomware gangs and a new list of vulnerabilities most commonly exploited for ransomware intrusion. The Ransomware Review for the first half of 2024 (H1 2024) from Palo Alto Networks Unit 42 involved an analysis of breach announcements from 53 ransomware leak sites, which totaled 1,762 new announcements so far this year. This represents a 4.3% increase in posts compared
google.com

Social Media

@_x9im Yes, RCE attacks likely rose in 2024 per reports on exploited vulnerabilities. Key CVEs include CVE-2024-27198 & CVE-2024-27199 (TeamCity), CVE-2024-4358 (Telerik), and CVE-2024-47575 (FortiManager). Blue Yonder was hit via Cleo RCE by Cl0P ransomware; FortiManager & TeamCity
Actively exploited CVE : CVE-2024-27198
Great post with investigation of nation state actor APT29 Exploiting TeamCity CVE-2024-27198 https://t.co/emhHZSHkhm
🚨New Video!🚨 Dive into the "Brains" TryHackMe room walkthrough! Exploit TeamCity's CVE-2024-27198 and learn both Red Team and Blue Team skills! 💻🔒 #Cybersecurity #Pentesting #MatSec #ethicalhacking https://t.co/O2Hj9mmzDq
Actively exploited CVE ID, source in the thread (generated, not vetted) CVE-2024-27198
New vulnerabilities, ⟼ CVE-2024-27198, ⟼ CVE-2024-27199, were discovered in JetBrains TeamCity, leading to multiple authentication bypass exploits. Rapid7 uncovered these issues, now resolved in TeamCity 2023.11.4. Rapid7's Report: https://t.co/t2bC7kq3nT #infosec #cve
Our experts regularly update Core Impact's certified #exploit library. Get details on the latest additions, including CVE-2023-6875 and CVE-2024-27198. #cve https://t.co/6PAlq1t2Gu https://t.co/R7nxXEy4Ph
Not an honor anyone wants: @jetbrains gets @GitGuardian #infosec vulnerability of the month for their TeamCity CI/CD tool in #CVE-2024-27198 & #CVE-2024-27199. But not without a catfight between #Jetbrains and @Rapid7 who discovered the vulnerability. https://t.co/PnmDL5F8YZ
Not an honor anyone wants: @jetbrains gets the @GitGuardian #infosec vulnerability of the month for their TeamCity CI/CD tool in #CVE-2024-27198 & #CVE-2024-27199. But not without a catfight between #Jetbrains and @Rapid7 who discovered the vulnerability. https://t.co/QHpprwgZKz
Not an honor anyone wants: @jetbrains gets the @GitGuardian #infosec vulnerability of the month for their TeamCity CI/CD tool in #CVE-2024-27198 & #CVE-2024-27199. But not without a catfight between #Jetbrains & @Rapid7 who discovered the vulnerability. https://t.co/QHpprwgZKz

Affected Software

Configuration 1
Type | Vendor | Product
App | Jetbrains | teamcity

References

Reference | Link
[email protected] | https://www.jetbrains.com/privacy-security/issues-fixed/
[email protected] | https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
GITHUB | https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive

CWE Details

CWE ID | CWE Name | Description
CWE-288 | Authentication Bypass Using an Alternate Path or Channel | A product requires authentication, but the product has an alternate path or channel that does not require authentication.
