CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

Basic Information

CVE State: PUBLISHED
Reserved Date: February 21, 2024
Published Date: March 04, 2024
Last Updated: May 30, 2025
Vendor: JetBrains
Product: TeamCity
Description: In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
Tags

CVSS Scores

CVSS v3.1

7.3 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

Score: 94.50% (Percentile: 100.00%) as of 2025-05-22

SSVC Information

Exploitation: poc
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-04-24 00:00:00 UTC) Source
Seen in APT Campaigns: Yes (added 2025-05-30 00:00:00 UTC) (Earth Lamia) Source

References

https://www.jetbrains.com/privacy-security/issues-fixed/ https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-04-24 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-27199.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

February 21, 2024
CVE Published to Public

March 04, 2024
Added to KEVIntel

April 24, 2025
Detected by Nuclei

April 26, 2025
Used in Earth Lamia APT Campaign

May 30, 2025