JetBrains TeamCity (CVE-2024-27198)
What is JetBrains TeamCity (CVE-2024-27198)?
JetBrains TeamCity (CVE-2024-27198)An authentication bypass in JetBrains TeamCity on-premises that lets unauthenticated attackers take over administrative access and execute code as the build server.
CVE-2024-27198 is a critical authentication bypass in JetBrains TeamCity on-premises servers disclosed in March 2024 by Rapid7. The flaw allows an unauthenticated attacker reaching the TeamCity web interface to access protected endpoints, create an administrator account and execute arbitrary code on the build server. Because TeamCity stores source code, secrets and signs artifacts, a compromise can cascade into a software supply-chain attack. Mass exploitation began within days of disclosure, with state-aligned and ransomware actors deploying webshells and miners. Mitigation requires upgrading to TeamCity 2023.11.4 or applying the official security patch, then auditing accounts, plugins and build artifacts.
● Examples
- 01
An attacker reaches an exposed TeamCity server, creates an admin user and pushes a malicious build step that exfiltrates AWS keys.
- 02
A vendor audits its TeamCity build history for unexpected admin account creation in March 2024.
● Frequently asked questions
What is JetBrains TeamCity (CVE-2024-27198)?
An authentication bypass in JetBrains TeamCity on-premises that lets unauthenticated attackers take over administrative access and execute code as the build server. It belongs to the Vulnerabilities category of cybersecurity.
What does JetBrains TeamCity (CVE-2024-27198) mean?
An authentication bypass in JetBrains TeamCity on-premises that lets unauthenticated attackers take over administrative access and execute code as the build server.
How does JetBrains TeamCity (CVE-2024-27198) work?
CVE-2024-27198 is a critical authentication bypass in JetBrains TeamCity on-premises servers disclosed in March 2024 by Rapid7. The flaw allows an unauthenticated attacker reaching the TeamCity web interface to access protected endpoints, create an administrator account and execute arbitrary code on the build server. Because TeamCity stores source code, secrets and signs artifacts, a compromise can cascade into a software supply-chain attack. Mass exploitation began within days of disclosure, with state-aligned and ransomware actors deploying webshells and miners. Mitigation requires upgrading to TeamCity 2023.11.4 or applying the official security patch, then auditing accounts, plugins and build artifacts.
How do you defend against JetBrains TeamCity (CVE-2024-27198)?
Defences for JetBrains TeamCity (CVE-2024-27198) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for JetBrains TeamCity (CVE-2024-27198)?
Common alternative names include: CVE-2024-27198, TeamCity auth bypass.
● Related terms
- attacks№ 1116
Supply Chain Attack
An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
- appsec№ 166
CI/CD Security
The set of controls protecting continuous integration and continuous delivery pipelines from compromise, code injection, secret leakage, and unauthorized deployments.
- defense-ops№ 802
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.