CVE-2024-27198 - Vulnerability Details - OpenCVE

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since March 7, 2024.

Exploitation active

Automatable Yes

Technical Impact Total

Vendors	Products
Jetbrains	Teamcity

Configuration 1 [-]

cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
https://www.jetbrains.com/privacy-security/issues-fixed/

History

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2024-03-07'}` ssvc `{'options': {'Automatable': 'Yes', 'Exploitation': 'active', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: JetBrains

Published: 2024-03-04T17:21:39.422Z

Updated: 2025-02-13T17:46:19.582Z

Reserved: 2024-02-21T09:53:25.185Z

Link: CVE-2024-27198

Vulnrichment

Updated: 2024-08-02T00:27:59.636Z

NVD

Status : Analyzed

Published: 2024-03-04T18:15:09.040

Modified: 2024-11-29T16:25:32.523

Link: CVE-2024-27198

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27198", "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "state": "PUBLISHED", "assignerShortName": "JetBrains", "dateReserved": "2024-02-21T09:53:25.185Z", "datePublished": "2024-03-04T17:21:39.422Z", "dateUpdated": "2025-02-13T17:46:19.582Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "shortName": "JetBrains", "dateUpdated": "2024-03-11T14:14:49.293Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288", "cweId": "CWE-288"}]}], "affected": [{"vendor": "JetBrains", "product": "TeamCity", "versions": [{"version": "0", "status": "affected", "lessThan": "2023.11.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible"}], "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"}, {"url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27198", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "Yes"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-03-20T14:07:07.365272Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-03-07", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-27198"}}}], "affected": [{"cpes": ["cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*"], "vendor": "jetbrains", "product": "teamcity", "versions": [{"status": "affected", "version": "0", "lessThan": "2023.11.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:50.489Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.636Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "tags": ["x_transferred"]}, {"url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "tags": ["x_transferred"]}, {"url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.636Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27198", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "Yes"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-03-20T14:07:07.365272Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-03-07", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-27198"}}}], "affected": [{"cpes": ["cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*"], "vendor": "jetbrains", "product": "teamcity", "versions": [{"status": "affected", "version": "0", "lessThan": "2023.11.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T17:13:11.523Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "JetBrains", "product": "TeamCity", "versions": [{"status": "affected", "version": "0", "lessThan": "2023.11.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"}, {"url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive"}], "descriptions": [{"lang": "en", "value": "In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-288", "description": "CWE-288"}]}], "providerMetadata": {"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "shortName": "JetBrains", "dateUpdated": "2024-03-11T14:14:49.293Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27198", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:46:19.582Z", "dateReserved": "2024-02-21T09:53:25.185Z", "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "datePublished": "2024-03-04T17:21:39.422Z", "assignerShortName": "JetBrains"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-03-28", "cisaExploitAdd": "2024-03-07", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "JetBrains TeamCity Authentication Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", "matchCriteriaId": "66B25AF5-F103-4A5C-8A39-901357131404", "versionEndExcluding": "2023.11.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible"}, {"lang": "es", "value": "En JetBrains TeamCity antes de 2023.11.4 era posible omitir la autenticaci\u00f3n permitiendo realizar acciones administrativas"}], "id": "CVE-2024-27198", "lastModified": "2024-11-29T16:25:32.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve@jetbrains.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-04T18:15:09.040", "references": [{"source": "cve@jetbrains.com", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive"}, {"source": "cve@jetbrains.com", "tags": ["Vendor Advisory"], "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"}], "sourceIdentifier": "cve@jetbrains.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "cve@jetbrains.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}