CVE-2024-27198 — JetBrains TeamCity Authentication Bypass Vulnerability

2024-03-07 • CISA Known Exploited Vulnerability

[event] JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

> AFFECTED SOFTWARE

Field	Value
Vendor	JetBrains
Product	TeamCity
CWE	CWE-288
CVE ID	CVE-2024-27198
Date Added	2024-03-07
Due Date	2024-03-28
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-03-28