CVE-2024-27198
Published: 04 March 2024
Summary
CVE-2024-27198 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in JetBrains TeamCity. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
CVE-2024-27198 is an authentication bypass vulnerability affecting JetBrains TeamCity versions prior to 2023.11.4. The flaw, tracked under CWE-288, permits unauthenticated attackers to perform administrative actions on the continuous integration server, carrying a CVSS 3.1 base score of 9.8 reflecting network-accessible exploitation with no required credentials or user interaction.
An attacker with network access to an unpatched TeamCity instance can directly invoke administrative functionality, resulting in full compromise of confidentiality, integrity, and availability of the build system and any connected resources.
JetBrains has addressed the issue in TeamCity 2023.11.4 and later releases, as documented on its security issues page. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities catalog, indicating that federal agencies and other organizations should prioritize patching according to the agency's guidance.
Public reporting confirms active mass exploitation of the flaw, with threat actors creating rogue administrative accounts on exposed instances. The associated EPSS score reached a peak of 0.9725 and remains elevated at 0.9305.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-24437
Vulnerability details
In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing admin actions to be performed was possible.
- CWE(s): CWE-288 (Authentication Bypass Using an Alternate Path or Channel)
- KEV date added: 07 March 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces approved authorizations so that unauthenticated network requests cannot perform administrative actions on TeamCity.
- IA-2 (Identification and Authentication (Organizational Users)): Requires unique identification and authentication of users before allowing any access, blocking the authentication-bypass path described in CVE-2024-27198.
- Flaw remediation (patching): Mandates timely application of the fixed release (2023.11.4 or later) to eliminate the specific authentication flaw before exploitation occurs.