NVD - CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
CNA: JetBrains s.r.o.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
NIST: NVD
Base Score: N/A
NVD assessment not yet provided.
This CVE is in CISA's Known Exploited Vulnerabilities Catalog
Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.
| Vulnerability Name | Date Added | Due Date | Required Action |
|---|---|---|---|
| JetBrains TeamCity Authentication Bypass Vulnerability | 03/07/2024 | 03/28/2024 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
Weakness Enumeration
| CWE-ID | CWE Name | Source |
|---|---|---|
| NVD-CWE-Other | Other | |
| CWE-288 | Authentication Bypass Using an Alternate Path or Channel | JetBrains s.r.o. |
Known Affected Software Configurations
Change History
13 change records found
Modified Analysis by NIST 10/24/2025 4:48:18 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference Type | CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27198 Types: US Government Resource | |
CVE Modified by CISA-ADP 10/21/2025 7:16:26 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27198 | |
CVE Modified by CISA-ADP 10/21/2025 4:20:00 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Removed | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27198 | |
CVE Modified by CISA-ADP 10/21/2025 3:20:41 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27198 | |
Modified Analysis by NIST 11/29/2024 11:25:32 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
CVE Modified by CVE 11/21/2024 4:04:04 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive | |
| Added | Reference | https://www.jetbrains.com/privacy-security/issues-fixed/ | |
CVE Modified by JetBrains s.r.o. 6/04/2024 3:18:56 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
Modified Analysis by NIST 5/23/2024 1:57:49 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Reference Type | https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive No Types Assigned | https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive Press/Media Coverage, Third Party Advisory |
CVE Modified by JetBrains s.r.o. 5/14/2024 11:11:42 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
CVE Modified by JetBrains s.r.o. 3/11/2024 11:15:47 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | JetBrains s.r.o. https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive [No types assigned] | |
CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 3/07/2024 9:00:01 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Date Added | 2024-03-07 | |
| Added | Due Date | 2024-03-28 | |
| Added | Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | |
| Added | Vulnerability Name | JetBrains TeamCity Authentication Bypass Vulnerability | |
Initial Analysis by NIST 3/05/2024 2:01:18 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| Added | CWE | NIST NVD-CWE-Other | |
| Added | CPE Configuration | OR *cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:* versions up to (excluding) 2023.11.4 | |
| Changed | Reference Type | https://www.jetbrains.com/privacy-security/issues-fixed/ No Types Assigned | https://www.jetbrains.com/privacy-security/issues-fixed/ Vendor Advisory |
New CVE Received from JetBrains s.r.o. 3/04/2024 1:15:09 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible | |
| Added | CVSS V3.1 | JetBrains s.r.o. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| Added | CWE | JetBrains s.r.o. CWE-288 | |
| Added | Reference | JetBrains s.r.o. https://www.jetbrains.com/privacy-security/issues-fixed/ [No types assigned] | |