CVE-2024-27198

Warning

Media report

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Affected products Warnungen 1 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

JetBrains ≫ Teamcity Version < 2023.11.4

JetBrains TeamCity Authentication Bypass Vulnerability

Vulnerability

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.58%	1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@jetbrains.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Vendor Advisory

Third Party Advisory

Press/Media Coverage

CVE Source (NVD)

CVE Source (JSON)

EUVD