9.8

CVE-2024-27198

Warnung
Medienbericht

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JetBrainsTeamcity Version < 2023.11.4

07.03.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

JetBrains TeamCity Authentication Bypass Vulnerability

Schwachstelle

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.58% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@jetbrains.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.