CVE-2024-27198

Published Mar 4, 2024

Last updated 4 months ago

Exploit knownCVSS critical 9.8
Cloud

Overview

Description
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Source
cve@jetbrains.com
NVD status
Analyzed
Products
teamcity

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
JetBrains TeamCity Authentication Bypass Vulnerability
Exploit added on
Mar 7, 2024
Exploit action due
Mar 28, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@jetbrains.com
CWE-288
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

  1. CI/CD COMPROMISE. We break down the catastrophic TeamCity Authentication Bypass (CVE-2024-27198), which allows unauthenticated access to your core build and deployment environment. This is the definition of a supply chain threat. Read the full report on - https://t.co/MPnHlqGhZU

    @cyberbivash

    29 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Exploited TeamCity 2023.11.3 via CVE-2024-27198 auth bypass to gain RCE using Metasploit-delivered malicious plugin. Splunk used for forensic analysis revealing backdoor user and malicious activities. #TeamCityExploits #SplunkAnalysis https://t.co/1jsee1wgFm

    @TweetThreatNews

    29 Sept 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Alert Background: Some of the key vulnerabilities they have exploited include CVE-2017-9805 (Apache Struts), CVE-2021-22205 (GitLab), CVE-2024-9047 (WordPress), CVE-2024-27198 and CVE-2024-27199 (TeamCity), CVE-2024-51378 and CVE-2024-51567 (CyberPanel) https://t.co/dSfmGWyicJ

    @KootekSecurity

    31 May 2025

    82 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Investigating APT29 Exploiting TeamCity CVE-2024-27198 https://t.co/QVotkQvqQh #APT29 #CyberSecurity #TeamCity #CVE202427198 #ThreatIntelligence

    @MokraniMoustafa

    8 Mar 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2024-27198

    @transilienceai

    1 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Great post with investigation of nation state actor APT29 Exploiting TeamCity CVE-2024-27198APT29 Exploiting TeamCity CVE-2024-27198 https://t.co/emhHZSHkhm

    @OvidiuPismac

    24 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurationsCVE-2026-28195
  2. In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on diskCVE-2026-28196
  3. In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flowCVE-2026-28194
  4. A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.CVE-2025-67601
  5. A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.CVE-2025-62878

References

Sources include official advisories and independent security research.