Cyber Resilience

CVE-2024-27199

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 04 March 2024

Modified: 21 April 2026
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.9093 (99.7th percentile)
Risk Priority: 89 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-27199 is a high-severity Relative Path Traversal (CWE-23) vulnerability in JetBrains TeamCity. Its CVSS base score is 7.3 (High).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-27199 is a path traversal vulnerability, tracked under CWE-23 and CWE-22, that affects JetBrains TeamCity versions prior to 2023.11.4. The flaw permits an unauthenticated client to perform a limited set of administrative actions on the server. It carries a CVSS 3.1 base score of 7.3, reflecting a network attack vector, low attack complexity, and no required privileges or user interaction.

Unauthenticated remote attackers can exploit the issue over the network to conduct limited administrative operations that would normally require elevated privileges. Successful exploitation can lead to partial compromise of confidentiality, integrity, and availability within the TeamCity instance.

JetBrains has addressed the vulnerability in TeamCity 2023.11.4 and later releases, as documented on its official security issues page. Administrators are advised to apply the available updates promptly to eliminate the path traversal vector.

Public reporting indicates active mass exploitation of the flaw in the wild, with threat actors creating rogue administrative accounts. The associated EPSS score has reached a peak of 0.9449 and currently stands at 0.9093, while proof-of-concept code has been published on GitHub.


Vulnerability details

In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible.

CWE(s): CWE-22, CWE-23
KEV Date Added: See CISA KEV catalog

Related Threats

Threat-Actor Attribution

Cl0p (aka Clop)
Ransomware group linked to mass exploitation of TeamCity CVE-2024-27199 per CISA KEV ransomware-use flag and public reporting.

Affected Assets

jetbrains teamcity ≤ 2023.11.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): Directly enforces authenticated access to administrative functions, blocking the path-traversal bypass that lets unauthenticated attackers perform restricted TeamCity actions.

SI-10 Information Input Validation (prevent): Requires validation and sanitization of user-supplied file paths, directly mitigating the CWE-22/23 traversal that enables the limited-admin actions.

Vendor patching (prevent): Mandates timely application of the vendor patch (TeamCity 2023.11.4) that eliminates the path-traversal flaw being actively exploited in the wild.
