Vulnerability detail

Enriched intelligence for a single CVE

9.8

CVSS
Critical

CVE-2024-27198

PUBLISHED

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Exploited in the wild Used in malware PoC available Remote Low complexity No user interaction

Vendor: JetBrains
Product: TeamCity
Published: Mar 04, 2024
EPSS: —

Description

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

windows cisa malware ransomware nuclei_scanner metasploit

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2024-03-07 00:00:00 UTC · Source

Used in malware

Recorded 2024-03-07 00:00:00 UTC · Source

Proof of concept available

Recorded 2024-03-06 03:15:03 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Mar 07, 2024

Scanner integrations

Scanner	Reference	Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb	Apr 28, 2025
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-27198.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

jetbrains_teamcity_rce_cve_2024_27198

metasploit · Created Unknown

Metasploit module for CVE-2024-27198

geniuszly/CVE-2024-27198

github · Created 2024-10-09 13:36:56 UTC · 3 stars

is a PoC tool that targets a vulnerability in the TeamCity server (CVE-2024-27198)

Stuub/RCity-CVE-2024-27198

github · Created 2024-04-22 22:14:24 UTC · 27 stars

CVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information

K3ysTr0K3R/CVE-2024-27198-EXPLOIT

github · Created 2024-03-09 22:04:07 UTC · 6 stars

A PoC exploit for CVE-2024-27198 - JetBrains TeamCity Authentication Bypass

CharonDefalt/CVE-2024-27198-RCE

github · Created 2024-03-09 04:04:23 UTC · 2 stars

W01fh4cker/CVE-2024-27198-RCE

github · Created 2024-03-06 03:15:03 UTC · 151 stars

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

yoryio/CVE-2024-27198

github · Created 2024-03-05 05:43:06 UTC · 33 stars

Exploit for CVE-2024-27198 - TeamCity Server

Chocapikk/CVE-2024-27198

github · Created 2024-03-04 22:44:36 UTC · 34 stars

Proof of Concept for Authentication Bypass in JetBrains TeamCity Pre-2023.11.4

Timeline

CVE ID Reserved

February 21, 2024
CVE Published to Public

March 04, 2024
Proof of Concept Exploit Available

March 06, 2024
Exploit Used in Malware

March 07, 2024
Added to KEVIntel

March 07, 2024
Detected by Nuclei

April 25, 2025
Detected by Metasploit

April 28, 2025