PT-2024-2116 · JetBrains · TeamCity

Published 2024-03-04 · Updated 2026-04-20 · CVE-2024-27199

CVSS v2.0: 7.5 (High), AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JetBrains TeamCity versions prior to 2023.11.4

Description

The issue is related to path traversal, allowing limited admin actions to be performed. It is also associated with bypassing authentication procedures, potentially enabling remote attackers to execute arbitrary actions. The vulnerability may allow for the creation of an unauthorized admin account in the TeamCity server by bypassing 403 errors in the domain.

Recommendations

For versions prior to 2023.11.4, update to version 2023.11.4 or later to resolve the issue. As a temporary workaround, consider restricting access to admin functionalities until the update is applied. Avoid using alternative paths or channels that could be exploited to bypass authentication.

Exploit

Fix

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-02014
CVE-2024-27199

Affected Products

TeamCity