CVE-2024-27199
In short
JetBrains TeamCity versions before 2023.11.4 had a path traversal vulnerability that allowed attackers to bypass security restrictions and perform certain administrator actions they shouldn't have access to.
Technical detail
A path traversal vulnerability (CWE-23) in TeamCity before 2023.11.4 permitted attackers to traverse directory structures and execute limited administrative functions without proper authorization. The vulnerability required network access to the TeamCity instance but did not necessitate prior authentication for initial exploitation.
Summary generated and translated by AI from the official description.
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
JetBrains · TeamCity
Public PoCs found — 1
github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py (cve_reference, unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199
https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
https://www.jetbrains.com/privacy-security/issues-fixed/