🔴 CVE-2024-27199

Path traversal vulnerability in JetBrains TeamCity allowing unauthenticated attackers to perform limited admin actions. This CI/CD server is commonly exposed to the internet for developer access and is actively being exploited in the wild.

Risk Level: HIGH_RISK

CVSS Score: 7.3

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: Yes (+45d)

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-03-04

Added to CISA KEV: 2026-04-20 (777 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-27199 is a high-severity vulnerability affecting JetBrains TeamCity, a widely used continuous integration and build management server. The known details are summarized below.

Overview and Impact
  • Vulnerability Type: Path traversal vulnerability (CWE-23) [2].
  • Impact: Successful exploitation allows an unauthenticated attacker to perform limited administrative actions [1]. This can lead to unauthorized configuration changes, such as replacing server certificates, performing a denial-of-service (DoS) attack, or gaining unauthorized access to sensitive information within the CI/CD pipeline [1] [2]. In severe cases, it can enable attackers to manipulate build processes, inject malicious code, or compromise infrastructure connected to the TeamCity server [2].
  • CVSS Score: 7.3 (High) [1].

Exploitation and Threat Activity
  • Active Exploitation: CVE-2024-27199 is confirmed to be actively exploited in the wild and is included in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog [4] [5].
  • Attack Method: The vulnerability is network-based and does not require user interaction to exploit. It leverages a path traversal flaw to bypass security controls [2].
  • Threat Actor Usage: Following its disclosure, mass exploitation activity was observed targeting TeamCity instances, often involving the creation of rogue accounts to maintain persistence or conduct further malicious activities [3].

Affected Versions and Mitigation
  • Affected Versions: JetBrains TeamCity versions prior to 2023.11.4 are vulnerable [1] [6].
  • Patch Status: JetBrains has released patches to address this issue. Organizations running affected versions are strongly advised to update to version 2023.11.4 or later immediately to mitigate the risk of exploitation [1].

Sources

  1. JetBrains TeamCity Vulnerabilities (CVE-2024-27198 & ...

    Two critical vulnerabilities have been discovered and patched in TeamCity, a build management and continuous integration server from JetBrains. ... CVE-2024-27199 is a vulnerability discovered in JetBrains TeamCity versions before 2023.11.4. This vulnerability has a CVSS score of 7.3 - HIGH with exp…

  2. CVE-2024-27199 - Vulnerability Report for TeamCity

    The impact of CVE-2024-27199 can be severe. Attackers may be able to manipulate the build process, inject malicious code, or even compromise the entire infrastructure connected to TeamCity. This could lead to the theft of intellectual property, unauthorized access to production systems, or disruptio…

  3. CVE-2024-27199 - Vulnerability Details - OpenCVE

    MITRE. Status: PUBLISHED."2024-08-02T00:27:59.868Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "tags": ["x_transferred"]}, {"url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-…

  4. NVD - CVE-2024-27199

    An official website of the United States government Here's how you know ... Reference Type. CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199 Types: US Government Resource.Added. Reference. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?fie…

  5. CVE-2024-27199 — HIGH Vulnerability | CISA KEV | CVSS 7.3 | ThreatClaw

    This is a general overview only — always verify the current patch and remediation status directly with the affected vendor or NVD before taking action. CVE-2024-27199 is a high-severity vulnerability: in JetBrains TeamCity before 2023. CISA KEV confirmed — actively exploited in the wild.

  6. CVE-2024-27199 Description, Impact and Technical Details

    CVE-2024-27199 is a newly disclosed vulnerability affecting JetBrains TeamCity before version 2023.11.4. An attacker could exploit this path traversal issue to carry out limited admin actions within the system, potentially leading to unauthorized configuration changes or data access. This vulnerabil…