{"uuid": "b6cd7a00-e306-40ce-85d5-2b16b9be7f67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/cyberwarehouse/343", "content": "CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)\n\n\ud83d\udc64 by Rapid7\n\nIn February 2024, Rapid7\u2019s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server:\n\n\u2022 CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a CVSS base score of 9.8 (Critical).\n\n\u2022 CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22) and has a CVSS base score of 7.3 (High).\n\n\ud83d\udcdd Contents:\n\u25cf Overview\n\u25cf Impact\n\u25cf Remediation\n\u25cf Analysis\n    \u2022 CVE-2024-27198\n    \u2022 CVE-2024-27199\n\u25cf Rapid7 customers\n\u25cf Timeline\n\nhttps://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2026-07-17T11:00:05.483513Z"}