CVERadar

CVE-2024-27199

Medium Severity
Vendor: Jetbrains
SVRS: 30/100
CVSSv3: 7.3/10
EPSS: 0.94501/1

CVE-2024-27199: A path traversal vulnerability exists in JetBrains TeamCity versions prior to 2023.11.4, potentially enabling attackers to execute limited admin actions. Despite a CVSS score of 7.3, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a lower immediate threat level than some other vulnerabilities, although exploitation is possible. This vulnerability, categorized as CWE-23, allows unauthorized access to files and directories outside of the intended path, leading to potential data breaches and system compromise. The presence of the "In The Wild" tag means exploitation has been observed. Organizations using affected TeamCity versions should prioritize patching to mitigate the risk of unauthorized access and maintain system security. While not critically urgent based on SVRS, the potential for exploitation necessitates timely remediation.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2024-03-04
2025-02-13

SOCRadar AI Insight

Description:

CVE-2024-27199 is a path traversal vulnerability in JetBrains TeamCity before 2023.11.4. This vulnerability allows an attacker to perform limited admin actions by exploiting a path traversal flaw. The SVRS for this CVE is 48, indicating a moderate risk.

Key Insights:

  • Limited Admin Actions: The vulnerability allows attackers to perform limited admin actions, such as creating or deleting projects, modifying user permissions, and accessing sensitive data.
  • In The Wild: This vulnerability is actively exploited by hackers, making it a critical threat to organizations using JetBrains TeamCity.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures to mitigate the risk.

Mitigation Strategies:

  • Update Software: Update JetBrains TeamCity to version 2023.11.4 or later to patch the vulnerability.
  • Restrict Access: Implement access controls to limit the number of users who can access sensitive data and perform administrative tasks.
  • Monitor Activity: Monitor system logs and network traffic for suspicious activity that may indicate an attack.
  • Use a Web Application Firewall (WAF): Implement a WAF to block malicious requests and protect against path traversal attacks.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.


Exploits

No exploits found for this CVE


News

ISC StormCast for Tuesday, March 5th, 2024
Dr. Johannes B. Ullrich | 2024-03-05 | sans.edu
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. TAPs at Home; TeamCity Vuln; GitHub Push Protections; Android Update; Linksys Bug
Capturing DShield Packets with a LAN Tap https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708
Additional Critical Security Issues Affecting Teamcity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
GitHub Push Protection Now On By Default https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
Android Updates

5 commercial software attacks — and what you can learn from them
Jaikumar Vijayan | 2024-10-09 | reversinglabs.com
Enterprise organizations in recent years have come to recognize that attacks targeting software supply chains are a major threat. But the focus has been on

1.791
2024-12-17 | fortiguard.com
Newly Added (13): Security Vulnerabilities fixed in Adobe ColdFusion APSB24-14; Cleo Harmony CVE-2024-50623 Remote Code Execution Vulnerability; Cleo LexiCom CVE-2024-50623 Remote Code Execution Vulnerability; Cleo VLTrader CVE

CVE-2024-27199 | JetBrains TeamCity up to 2023.11.3 path traversal
2024-12-16 | vuldb.com
A vulnerability was found in JetBrains TeamCity. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to relative path traversal. The identification of this vulnerability is CVE-2024-27199. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Metasploit Weekly Wrap-Up 11/22/2024
Spencer McIntyre | 2024-11-22 | rapid7.com
Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. Learn more about this week's Metasploit Wrap-Up.
JetBrains TeamCity Login Scanner: Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability - The Hacker News
2024-03-08 | google.com
News Content: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete compromise of a susceptible server by a remote unauthenticated attacker. It was addressed by JetBrains earlier this week alongside CVE-2024-27199 (CVSS score: 7.3), another moderate-severity authentication bypass flaw that

BlackCat/ALPHV ransomware gang receives $22 million payment. TA577 steals NTLM hashes. - The CyberWire
2024-03-07 | google.com
News Content: By the CyberWire staff. At a glance: BlackCat/ALPHV ransomware gang receives $22 million payment. TA577 steals NTLM hashes. Exploits available for JetBrains TeamCity vulnerabilities. South Korean semiconductor industry targeted by DPRK.
BlackCat/ALPHV ransomware gang receives $22 million payment. WIRED reports that BlackCat/ALPHV, the ransomware-as-a-service operation responsible for the attack against UnitedHealth Group's Change Healthcare platform, on March 1st received a payment of 350 bitcoins (approximately $22 million). The Register says UnitedHealth Group declined to say whether it paid the ransom. ALPHV

Social Media

@_x9im Yes, RCE attacks likely rose in 2024 per reports on exploited vulnerabilities. Key CVEs include CVE-2024-27198 & CVE-2024-27199 (TeamCity), CVE-2024-4358 (Telerik), and CVE-2024-47575 (FortiManager). Blue Yonder was hit via Cleo RCE by Cl0P ransomware; FortiManager & TeamCity

New vulnerabilities, CVE-2024-27198, CVE-2024-27199, were discovered in JetBrains TeamCity, leading to multiple authentication bypass exploits. Rapid7 uncovered these issues, now resolved in TeamCity 2023.11.4. Rapid7's Report: https://t.co/t2bC7kq3nT #infosec #cve

Not an honor anyone wants: @jetbrains gets @GitGuardian #infosec vulnerability of the month for their TeamCity CI/CD tool in #CVE-2024-27198 & #CVE-2024-27199. But not without a catfight between #Jetbrains and @Rapid7 who discovered the vulnerability. https://t.co/PnmDL5F8YZ

Not an honor anyone wants: @jetbrains gets the @GitGuardian #infosec vulnerability of the month for their TeamCity CI/CD tool in #CVE-2024-27198 & #CVE-2024-27199. But not without a catfight between #Jetbrains and @Rapid7 who discovered the vulnerability. https://t.co/QHpprwgZKz

Not an honor anyone wants: @jetbrains gets the @GitGuardian #infosec vulnerability of the month for their TeamCity CI/CD tool in #CVE-2024-27198 & #CVE-2024-27199. But not without a catfight between #Jetbrains & @Rapid7 who discovered the vulnerability. https://t.co/QHpprwgZKz

https://t.co/1QqvFhiFKo Vulnerability of the Month - Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199

🚨 Explore the controversy of CVE-2024-27198 & CVE-2024-27199 for JetBrains TeamCity! Discover how an authentication bypass vulnerability led to a heated debate on patching practices and its real-world exploits. https://t.co/dwjMKMIBg0 #infosec

The latest update for #GitGuardian includes "Understanding GitGuardian's Self-Hosted Solution" and "Vulnerability of the Month - Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199". #cybersecurity #DevOps #infosec #appsec https://t.co/m6VnqEPmEj

Vulnerability of the Month – Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199: This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited… https://t.co/tlFHIvmaf8 https://t.co/PdoBHtaMWQ

The latest update for #GitGuardian includes "Vulnerability of the Month - Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199". #cybersecurity #DevOps #infosec #appsec https://t.co/m6VnqEPmEj

Affected Software

Configuration 1
Type | Vendor | Product
App | Jetbrains | teamcity

References

https://www.jetbrains.com/privacy-security/issues-fixed/
https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive

CWE Details

CWE ID | CWE Name | Description
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-23 | Relative Path Traversal | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as .. that can resolve to a location that is outside of that directory.
