Active Exploitation of Critical Vulnerability in JetBrains TeamCity On-Premises

Published on 22 Mar 2024

JetBrains has released updates addressing a critical vulnerability (CVE-2024-27198) affecting JetBrains TeamCity On-Premises. The vulnerability is reportedly being actively exploited and has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the authentication bypass vulnerability could allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform remote code execution and gain administrative control over the compromised server.

The vulnerability affects TeamCity On-Premises versions before 2023.11.4.

Users and administrators of affected products are advised to update to the latest version immediately.

More information is available here:

https://blog.jetbrains.com/teamcity/2024/03/investigating-a-compromised-teamcity-on-premises-server/