CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Basic Information

CVE State: PUBLISHED
Reserved Date: February 21, 2024
Published Date: March 04, 2024
Last Updated: February 13, 2025
Vendor: JetBrains
Product: TeamCity
Description: In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source	Added Date
CISA	2024-03-07 00:00:00 UTC

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb	2025-04-29 11:01:22 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-27198.yaml	2025-04-26 00:00:00 UTC

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Type: metasploit • Created: Unknown

Metasploit module for CVE-2024-27198

Type: github • Created: 2024-10-09 13:36:56 UTC • Stars: 3

is a PoC tool that targets a vulnerability in the TeamCity server (CVE-2024-27198)

Type: github • Created: 2024-04-22 22:14:24 UTC • Stars: 27

CVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information

Type: github • Created: 2024-03-09 22:04:07 UTC • Stars: 6

A PoC exploit for CVE-2024-27198 - JetBrains TeamCity Authentication Bypass

Type: github • Created: 2024-03-09 04:04:23 UTC • Stars: 2

Type: github • Created: 2024-03-06 03:15:03 UTC • Stars: 151

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

Type: github • Created: 2024-03-05 05:43:06 UTC • Stars: 33

Exploit for CVE-2024-27198 - TeamCity Server

Type: github • Created: 2024-03-04 22:44:36 UTC • Stars: 34

Proof of Concept for Authentication Bypass in JetBrains TeamCity Pre-2023.11.4