Cyber Resilience

CVE-2024-27198

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 04 March 2024
Modified: 24 October 2025
KEV Added: 07 March 2024
Patch: available (TeamCity 2023.11.4)

CVSS Score (v3.1): 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.9305 (99.8th percentile)
Risk Priority: 95 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-27198 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in JetBrains TeamCity. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.2% of all CVEs by predicted exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigating controls our analysis identified are NIST SP 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2024-27198 is an authentication bypass vulnerability affecting JetBrains TeamCity versions prior to 2023.11.4. The flaw, tracked under CWE-288, permits unauthenticated attackers to perform administrative actions on the continuous integration server, carrying a CVSS 3.1 base score of 9.8 reflecting network-accessible exploitation with no required credentials or user interaction.

An attacker with network access to an unpatched TeamCity instance can invoke administrative functionality directly, without any credentials. Because a CI server holds VCS credentials, build secrets and deployment access, this amounts to full compromise of the confidentiality, integrity and availability of the build system and of the downstream resources it can reach.

JetBrains has addressed the issue in TeamCity 2023.11.4 and later releases, as documented on its security issues page. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities catalog, indicating that federal agencies and other organizations should prioritize patching according to the agency's guidance.

Public reporting confirms active mass exploitation of the flaw, with threat actors creating rogue administrative accounts on exposed instances. The associated EPSS score peaked at 0.9725 and remains elevated at 0.9305. Patching does not remove accounts or access tokens an attacker has already created, so any instance that was reachable while unpatched should also be reviewed for unexpected administrator accounts.
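The two checks the analysis above implies, as an added example that is not code from this page or from JetBrains: deciding whether a reported TeamCity version is before 2023.11.4 (with a numeric comparison, so that 2023.11.10 is not mistaken for a vulnerable release), and hunting a user listing for unexpected holders of the server-administrator role. The version-string format, the /app/rest/users field selector, the SYSTEM_ADMIN role id and the sample response below are assumptions constructed for the example, not captured from a real server.

```python
"""Triage helpers for CVE-2024-27198 (JetBrains TeamCity auth bypass).

Added example, not code from the page or from JetBrains. Assumptions:
  * the version string has the shape TeamCity reports via /app/rest/server,
    e.g. "2023.11.3 (build 100001)" (format and build numbers assumed);
  * the user listing is the JSON the TeamCity REST API returns for
    /app/rest/users with roles expanded (field selector assumed);
  * "SYSTEM_ADMIN" is the role id of the server-administrator role (assumed).
"""
import json
import re

FIXED_VERSION = (2023, 11, 4)   # first release that addresses CVE-2024-27198
ADMIN_ROLE = "SYSTEM_ADMIN"     # assumed role id for server administrators

_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d{1,2})(?:\.(\d+))?")


def parse_version(version_string):
    """Return (year, major, patch) from e.g. '2023.11.3 (build 100001)'.

    Numeric comparison matters: a plain string compare would rank
    2023.11.10 below 2023.11.4 and wrongly call a patched server vulnerable.
    """
    m = _VERSION_RE.match(version_string)
    if not m:
        raise ValueError(f"unrecognised TeamCity version: {version_string!r}")
    year, major, patch = m.groups()
    return (int(year), int(major), int(patch or 0))


def is_vulnerable(version_string):
    """True if the reported version is before 2023.11.4 (the fixed release)."""
    return parse_version(version_string) < FIXED_VERSION


def find_unexpected_admins(users_json, expected_admins):
    """Return usernames holding SYSTEM_ADMIN that are not in expected_admins.

    users_json is the body of
        GET /app/rest/users?fields=user(username,roles(role(roleId,scope)))
    (endpoint shape assumed; see the constructed sample below).
    """
    data = json.loads(users_json)
    unexpected = []
    for user in data.get("user", []):
        roles = user.get("roles", {}).get("role", [])
        if any(r.get("roleId") == ADMIN_ROLE for r in roles):
            if user["username"] not in expected_admins:
                unexpected.append(user["username"])
    return sorted(unexpected)


# Constructed sample response (not captured from a real server): two global
# administrators, one of which ("ci_svc01") nobody in the team recognises.
SAMPLE_USERS = json.dumps({
    "count": 3,
    "user": [
        {"username": "alice",
         "roles": {"role": [{"roleId": "SYSTEM_ADMIN", "scope": "g"}]}},
        {"username": "bob",
         "roles": {"role": [{"roleId": "PROJECT_DEVELOPER", "scope": "p:MyProject"}]}},
        {"username": "ci_svc01",
         "roles": {"role": [{"roleId": "SYSTEM_ADMIN", "scope": "g"}]}},
    ],
})


if __name__ == "__main__":
    for v in ("2023.11.3 (build 100001)", "2023.11.4 (build 100002)", "2023.11.10"):
        print(v, "-> vulnerable" if is_vulnerable(v) else "-> not affected")
    print("unexpected admins:", find_unexpected_admins(SAMPLE_USERS, {"alice"}))
```

Run the version check against the version each server reports in inventory, and run the admin hunt with the organisation's known administrator list as `expected_admins`; anything it returns should be treated as a possible artefact of exploitation rather than silently removed.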

Vulnerability details

In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing an attacker to perform admin actions was possible.

CWE(s)
CWE-288: Authentication Bypass Using an Alternate Path or Channel
KEV Date Added
07 March 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: jetbrains
Product: teamcity
Versions: before 2023.11.4 (fixed in 2023.11.4)

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): Directly enforces approved authorizations so that unauthenticated network requests cannot perform administrative actions on TeamCity.

IA-2 Identification and Authentication (Organizational Users) (prevent): Requires unique identification and authentication of users before allowing any access, blocking the authentication-bypass path described in CVE-2024-27198.

SI-2 Flaw Remediation (prevent): Mandates timely application of patches (2023.11.4) to eliminate the specific authentication flaw before exploitation occurs.

References