PT-2024-2116 · Jetbrains · Teamcity

Published

2024-03-04

Updated

2026-05-04

CVE-2024-27199

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2023.11.4

Description A path traversal issue exists that allows for the bypass of authentication procedures by using an alternative path or channel. This can enable a remote attacker to perform limited administrative actions, including the creation of an unauthorized administrator account by bypassing 403 errors on a domain. Active exploitation of this issue has been confirmed.

Recommendations Update to version 2023.11.4 or later.

Exploit

Fix

Relative Path Traversal

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-23CWE-22

Related Identifiers

BDU:2024-02014

CVE-2024-27199

Affected Products

Teamcity

PT-2024-2116 · Jetbrains · Teamcity

CVE-2024-27199

Weakness Enumeration

Related Identifiers

Affected Products

References · 135