Vulnerabilities > CVE-2024-27198 - Unspecified vulnerability in Jetbrains Teamcity
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Vulnerable Configurations
Related news
- Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' (source)
- TeamCity auth bypass bug exploited to mass-generate admin accounts (source)
- Critical TeamCity flaw now widely exploited to create admin accounts (source)
- CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability (source)
- TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (source)
- Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware (source)
References
- https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
- https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
- https://www.jetbrains.com/privacy-security/issues-fixed/
- https://www.jetbrains.com/privacy-security/issues-fixed/