CVE-2024-27199

Description

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

CVSS breakdown

Affected products

• JetBrains / TeamCity0 – 2023.11.4

Exploits & PoCs

• nucleiTeamCity < 2023.11.4 - Authentication Bypassby DhiyaneshDk

References

• MISChttps://www.jetbrains.com/privacy-security/issues-fixed/
• MISChttps://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive