PT-2023-8748 · Jetbrains · Jetbrains Teamcity+1

Published: 2023-03-04 · Updated: 2026-06-01 · CVE-2024-27198

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11.4

Description: JetBrains TeamCity contains an authentication bypass issue due to an alternative path vulnerability. Successful exploitation allows an unauthenticated attacker to perform any action, including creating a user with system administrator privileges. Publicly available exploits exist. This vulnerability has been actively exploited in the wild, with reports of ransomware attacks and DDoS activity. The vulnerability allows attackers to bypass authentication checks and gain administrative access to the server. The payload for exploitation involves a specific request: /hax?jsp=/app/rest/server;.jsp. APT29 has been observed exploiting this vulnerability.

Recommendations: Update JetBrains TeamCity to version 2023.11.4 or later.
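For reviewing whether a server was probed before it was updated, the request shape quoted in the description can be searched for in web access logs. The following is an added example, not part of the original advisory or any JetBrains tooling: it assumes a combined-format access log from TeamCity or a reverse proxy in front of it, generalizes the quoted request to any `jsp` query value that contains `;` and ends in `.jsp` (percent-encoded or not), and runs over constructed sample lines.

```python
import re
from urllib.parse import urlsplit, unquote

# Combined-format access log entry (assumed format; adjust to the proxy in use).
ENTRY_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_jsp_param(target: str) -> bool:
    """True if the query carries jsp=<path>;.jsp, the shape quoted in the advisory."""
    query = urlsplit(target).query
    # Split on '&' only, so a ';' inside the value is kept intact.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote(name) != "jsp":
            continue
        decoded = unquote(value).lower()  # normalises %3B / %2F encodings
        if ";" in decoded and decoded.endswith(".jsp"):
            return True
    return False

def scan(lines):
    """Return one record per log line whose request matches the pattern."""
    hits = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m and suspicious_jsp_param(m["target"]):
            hits.append({"ip": m["ip"], "method": m["method"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Mar/2024:10:12:01 +0000] "GET /hax?jsp=/app/rest/server;.jsp HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Mar/2024:10:12:04 +0000] "POST /x?a=1&jsp=%2Fapp%2Frest%2Fserver%3B.jsp HTTP/1.1" 200 731',
    '198.51.100.20 - - [05/Mar/2024:10:13:10 +0000] "GET /app/rest/server HTTP/1.1" 401 0',
    '198.51.100.20 - - [05/Mar/2024:10:13:15 +0000] "GET /login.html?jsp=help HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["method"]} {hit["target"]} -> {hit["status"]}')
```

A match that returned a 2xx status from an unauthenticated client on a version prior to 2023.11.4 warrants a follow-up review of the server's user accounts and access tokens.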

Exploit

Fix

RCE

Authentication Bypass Using an Alternate Path or Channel

Relative Path Traversal


Weakness Enumeration

Related Identifiers

BDU:2024-01792
BDU:2024-02014
CVE-2024-27198

Affected Products

Jetbrains Teamcity
Teamcity