Vulnerability Details CVE-2024-27199
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
Exploit prediction scoring system (EPSS) score
EPSS Score 0.825
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 7.3
References
- https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
- https://www.jetbrains.com/privacy-security/issues-fixed/
- https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
- https://www.jetbrains.com/privacy-security/issues-fixed/
- https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py
Products affected by CVE-2024-27199
-
cpe:2.3:a:jetbrains:teamcity:-
-
cpe:2.3:a:jetbrains:teamcity:10.0
-
cpe:2.3:a:jetbrains:teamcity:10.0.1
-
cpe:2.3:a:jetbrains:teamcity:10.0.2
-
cpe:2.3:a:jetbrains:teamcity:10.0.3
-
cpe:2.3:a:jetbrains:teamcity:10.0.4
-
cpe:2.3:a:jetbrains:teamcity:10.0.5
-
cpe:2.3:a:jetbrains:teamcity:2.0
-
cpe:2.3:a:jetbrains:teamcity:2.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1.2
-
cpe:2.3:a:jetbrains:teamcity:2017.1.3
-
cpe:2.3:a:jetbrains:teamcity:2017.1.4
-
cpe:2.3:a:jetbrains:teamcity:2017.1.5
-
cpe:2.3:a:jetbrains:teamcity:2017.2
-
cpe:2.3:a:jetbrains:teamcity:2017.2.1
-
cpe:2.3:a:jetbrains:teamcity:2017.2.2
-
cpe:2.3:a:jetbrains:teamcity:2017.2.3
-
cpe:2.3:a:jetbrains:teamcity:2017.2.4
-
cpe:2.3:a:jetbrains:teamcity:2018.1
-
cpe:2.3:a:jetbrains:teamcity:2018.1.1
-
cpe:2.3:a:jetbrains:teamcity:2018.1.2
-
cpe:2.3:a:jetbrains:teamcity:2018.1.3
-
cpe:2.3:a:jetbrains:teamcity:2018.1.4
-
cpe:2.3:a:jetbrains:teamcity:2018.1.5
-
cpe:2.3:a:jetbrains:teamcity:2018.2
-
cpe:2.3:a:jetbrains:teamcity:2018.2.1
-
cpe:2.3:a:jetbrains:teamcity:2018.2.2
-
cpe:2.3:a:jetbrains:teamcity:2018.2.3
-
cpe:2.3:a:jetbrains:teamcity:2018.2.4
-
cpe:2.3:a:jetbrains:teamcity:2018.2.5
-
cpe:2.3:a:jetbrains:teamcity:2019.1
-
cpe:2.3:a:jetbrains:teamcity:2019.1.1
-
cpe:2.3:a:jetbrains:teamcity:2019.1.2
-
cpe:2.3:a:jetbrains:teamcity:2019.1.3
-
cpe:2.3:a:jetbrains:teamcity:2019.1.4
-
cpe:2.3:a:jetbrains:teamcity:2019.1.5
-
cpe:2.3:a:jetbrains:teamcity:2019.2.0
-
cpe:2.3:a:jetbrains:teamcity:2019.2.1
-
cpe:2.3:a:jetbrains:teamcity:2019.2.2
-
cpe:2.3:a:jetbrains:teamcity:2019.2.3
-
cpe:2.3:a:jetbrains:teamcity:2020.1
-
cpe:2.3:a:jetbrains:teamcity:2020.1.1
-
cpe:2.3:a:jetbrains:teamcity:2020.1.2
-
cpe:2.3:a:jetbrains:teamcity:2020.1.3
-
cpe:2.3:a:jetbrains:teamcity:2020.1.4
-
cpe:2.3:a:jetbrains:teamcity:2020.1.5
-
cpe:2.3:a:jetbrains:teamcity:2020.2
-
cpe:2.3:a:jetbrains:teamcity:2020.2.1
-
cpe:2.3:a:jetbrains:teamcity:2020.2.2
-
cpe:2.3:a:jetbrains:teamcity:2020.2.3
-
cpe:2.3:a:jetbrains:teamcity:2020.2.85695
-
cpe:2.3:a:jetbrains:teamcity:2021.2
-
cpe:2.3:a:jetbrains:teamcity:2022.04
-
cpe:2.3:a:jetbrains:teamcity:2022.04.1
-
cpe:2.3:a:jetbrains:teamcity:2022.04.2
-
cpe:2.3:a:jetbrains:teamcity:2022.04.3
-
cpe:2.3:a:jetbrains:teamcity:2022.04.4
-
cpe:2.3:a:jetbrains:teamcity:2022.04.5
-
cpe:2.3:a:jetbrains:teamcity:2022.04.6
-
cpe:2.3:a:jetbrains:teamcity:2022.04.7
-
cpe:2.3:a:jetbrains:teamcity:2022.10
-
cpe:2.3:a:jetbrains:teamcity:2022.10.1
-
cpe:2.3:a:jetbrains:teamcity:2022.10.2
-
cpe:2.3:a:jetbrains:teamcity:2022.10.3
-
cpe:2.3:a:jetbrains:teamcity:2022.10.4
-
cpe:2.3:a:jetbrains:teamcity:2022.10.5
-
cpe:2.3:a:jetbrains:teamcity:2022.10.6
-
cpe:2.3:a:jetbrains:teamcity:2023.05
-
cpe:2.3:a:jetbrains:teamcity:2023.05.1
-
cpe:2.3:a:jetbrains:teamcity:2023.05.2
-
cpe:2.3:a:jetbrains:teamcity:2023.05.3
-
cpe:2.3:a:jetbrains:teamcity:2023.05.4
-
cpe:2.3:a:jetbrains:teamcity:2023.05.5
-
cpe:2.3:a:jetbrains:teamcity:2023.05.6
-
cpe:2.3:a:jetbrains:teamcity:2023.11
-
cpe:2.3:a:jetbrains:teamcity:2023.11.1
-
cpe:2.3:a:jetbrains:teamcity:2023.11.2
-
cpe:2.3:a:jetbrains:teamcity:2023.11.3
-
cpe:2.3:a:jetbrains:teamcity:3.0
-
cpe:2.3:a:jetbrains:teamcity:3.1
-
cpe:2.3:a:jetbrains:teamcity:4.0
-
cpe:2.3:a:jetbrains:teamcity:4.0.1
-
cpe:2.3:a:jetbrains:teamcity:4.0.2
-
cpe:2.3:a:jetbrains:teamcity:4.5
-
cpe:2.3:a:jetbrains:teamcity:5.0
-
cpe:2.3:a:jetbrains:teamcity:5.1
-
cpe:2.3:a:jetbrains:teamcity:6.0
-
cpe:2.3:a:jetbrains:teamcity:6.5
-
cpe:2.3:a:jetbrains:teamcity:7.0
-
cpe:2.3:a:jetbrains:teamcity:7.1
-
cpe:2.3:a:jetbrains:teamcity:8.0
-
cpe:2.3:a:jetbrains:teamcity:8.0.1
-
cpe:2.3:a:jetbrains:teamcity:8.0.2
-
cpe:2.3:a:jetbrains:teamcity:8.0.3
-
cpe:2.3:a:jetbrains:teamcity:8.0.4
-
cpe:2.3:a:jetbrains:teamcity:8.0.5
-
cpe:2.3:a:jetbrains:teamcity:8.0.6
-
cpe:2.3:a:jetbrains:teamcity:8.1
-
cpe:2.3:a:jetbrains:teamcity:8.1.1
-
cpe:2.3:a:jetbrains:teamcity:8.1.2
-
cpe:2.3:a:jetbrains:teamcity:8.1.3
-
cpe:2.3:a:jetbrains:teamcity:8.1.4
-
cpe:2.3:a:jetbrains:teamcity:8.1.5
-
cpe:2.3:a:jetbrains:teamcity:9.0
-
cpe:2.3:a:jetbrains:teamcity:9.0.1
-
cpe:2.3:a:jetbrains:teamcity:9.0.2
-
cpe:2.3:a:jetbrains:teamcity:9.0.3
-
cpe:2.3:a:jetbrains:teamcity:9.0.4
-
cpe:2.3:a:jetbrains:teamcity:9.0.5
-
cpe:2.3:a:jetbrains:teamcity:9.1
-
cpe:2.3:a:jetbrains:teamcity:9.1.1
-
cpe:2.3:a:jetbrains:teamcity:9.1.2
-
cpe:2.3:a:jetbrains:teamcity:9.1.3
-
cpe:2.3:a:jetbrains:teamcity:9.1.4
-
cpe:2.3:a:jetbrains:teamcity:9.1.5
-
cpe:2.3:a:jetbrains:teamcity:9.1.6
-
cpe:2.3:a:jetbrains:teamcity:9.1.7