>_ 0dayNews
CVE Record
[ CRITICAL ] CVE-2024-27198

JetBrains TeamCity Authentication Bypass

An authentication-bypass vulnerability in JetBrains TeamCity's web component allows a remote, unauthenticated attacker to perform admin actions on the CI/CD server, enabling full takeover of build pipelines.

cat cve-2024-27198.json
Vendor: JetBrains
Product: TeamCity
CVSS: 9.8
Status: exploited-in-wild
Published:
CVE-2024-27198 is an authentication-bypass vulnerability in the web component of JetBrains TeamCity, a widely used continuous-integration and continuous-deployment (CI/CD) server. The flaw allows a remote, unauthenticated attacker to bypass authentication checks and perform administrative actions, including creating new admin accounts.

Rapid7 disclosed the vulnerability and a companion path-traversal flaw (CVE-2024-27199) on March 4, 2024, following coordinated disclosure with JetBrains, which shipped a fix the same day. Within days of disclosure, security researchers and threat-intel firms reported mass scanning and exploitation attempts against internet-facing TeamCity servers, including by ransomware-affiliated actors looking to poison software builds.

Why it mattered

A CI/CD server sits at the center of an organization’s software supply chain — compromise it and an attacker can potentially inject malicious code into every build the organization ships. That makes authentication-bypass flaws in tools like TeamCity especially dangerous: the blast radius extends to every downstream customer of the affected software, not just the breached organization.

JetBrains’ own security bulletin and the NVD record above contain the full technical writeup and patched version numbers.