{"vulnerability": "CVE-2024-27198", "sightings": [{"uuid": "dba9839c-3ad5-4b1b-8ea9-3a655e0f0801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-27)", "content": "", "creation_timestamp": "2025-01-27T00:00:00.000000Z"}, {"uuid": "910ee7ce-093d-452c-b391-0871aa7c6f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-23)", "content": "", "creation_timestamp": "2025-01-23T00:00:00.000000Z"}, {"uuid": "e825a38a-1b8b-4933-8ce4-2c519e1a090d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-27)", "content": "", "creation_timestamp": "2024-12-27T00:00:00.000000Z"}, {"uuid": "80e1a013-dd0d-4b9b-a30e-47134546e8c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-03-08T00:10:03.000000Z"}, {"uuid": "b13ba765-c2be-450c-9727-171112f819a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-23)", "content": "", "creation_timestamp": "2024-12-23T00:00:00.000000Z"}, {"uuid": "ee2acb7f-a3a3-45a3-ba1f-da4cfb93157e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "80e84285-50fe-4fa9-847b-5fe117da753b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-27)", "content": "", "creation_timestamp": "2025-01-27T00:00:00.000000Z"}, {"uuid": "a70ef084-c9d4-4eb9-a2c9-8e4626fdb28d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-11)", "content": "", "creation_timestamp": "2025-01-11T00:00:00.000000Z"}, {"uuid": "5187745b-c12c-4d32-a5cc-92ed12b03c4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-05)", "content": "", "creation_timestamp": "2025-01-05T00:00:00.000000Z"}, {"uuid": "2aa6fe85-6f7d-441f-9cf6-515eead3b106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-04)", "content": "", "creation_timestamp": "2025-01-04T00:00:00.000000Z"}, {"uuid": "ca2711d8-b75a-42ba-b76f-929cb05de65b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-08)", "content": "", "creation_timestamp": "2025-01-08T00:00:00.000000Z"}, {"uuid": "2a9b87de-54ac-410a-90f5-005ea8eec42b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-27)", "content": "", "creation_timestamp": "2024-11-27T00:00:00.000000Z"}, {"uuid": "5c482d7f-71f4-46cb-964d-1e1719eef10b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-10-27)", "content": "", "creation_timestamp": "2024-10-27T00:00:00.000000Z"}, {"uuid": "b2a4f4d2-bf1e-49a3-89ed-e909346c851b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-08)", "content": "", "creation_timestamp": "2024-11-08T00:00:00.000000Z"}, {"uuid": "7c4560ac-46c2-4ae4-874f-5febcce07bfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-04)", "content": "", "creation_timestamp": "2024-11-04T00:00:00.000000Z"}, {"uuid": "d5c92b96-de94-424f-8e11-032e3d03d3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-24)", "content": "", "creation_timestamp": "2024-11-24T00:00:00.000000Z"}, {"uuid": "57875fd2-983e-43fb-a79a-06aa67fd6bb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-10)", "content": "", "creation_timestamp": "2025-02-10T00:00:00.000000Z"}, {"uuid": "e0e9df1b-504d-4ae4-a829-0d8dc51ed96a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-08)", "content": "", "creation_timestamp": "2025-02-08T00:00:00.000000Z"}, {"uuid": "e33e3248-368d-421a-a69a-884052e84636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-08)", "content": "", "creation_timestamp": "2025-02-08T00:00:00.000000Z"}, {"uuid": "5c08c358-a981-4a37-93c6-602a454ecda0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-14)", "content": "", "creation_timestamp": "2024-12-14T00:00:00.000000Z"}, {"uuid": "03610ddb-f6ec-447e-b7f0-ae97c5686407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-04)", "content": "", "creation_timestamp": "2024-12-04T00:00:00.000000Z"}, {"uuid": "6d9f4e94-fec9-4d31-a41f-96b0669bc991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-21)", "content": "", "creation_timestamp": "2025-01-21T00:00:00.000000Z"}, {"uuid": "76b80b27-842f-436a-9c59-94750b02ff15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-11-24)", "content": "", "creation_timestamp": "2024-11-24T00:00:00.000000Z"}, {"uuid": "6cba6fcc-09c2-4c53-b404-412c7eaffe96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "48c3503a-d058-40f6-ba5b-dc235c260ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:01.000000Z"}, {"uuid": "3f801d37-384e-434e-9f68-e72f13509876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-09)", "content": "", "creation_timestamp": "2025-02-09T00:00:00.000000Z"}, {"uuid": "d939df22-4beb-47f5-9d48-0bf02a2d9ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-09)", "content": "", "creation_timestamp": "2025-02-09T00:00:00.000000Z"}, {"uuid": "14640902-579f-45a1-87b8-35787d537088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-10)", "content": "", "creation_timestamp": "2025-02-10T00:00:00.000000Z"}, {"uuid": "3ef9b9a9-d3dd-465f-b740-d23612cd4352", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-24)", "content": "", "creation_timestamp": "2025-02-24T00:00:00.000000Z"}, {"uuid": "3a28cd04-19f4-48a5-82bd-0ae75cb994ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-04)", "content": "", "creation_timestamp": "2025-03-04T00:00:00.000000Z"}, {"uuid": "a354b648-9f9f-4635-8d1c-5f25be46ff8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-12)", "content": "", "creation_timestamp": "2025-02-12T00:00:00.000000Z"}, {"uuid": "c7c7bfa7-e8b0-452f-8fbe-b7e64b710166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-12)", "content": "", "creation_timestamp": "2025-02-12T00:00:00.000000Z"}, {"uuid": "efbb2968-0364-41dc-9d3b-5d2b6d404387", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-26)", "content": "", "creation_timestamp": "2025-02-26T00:00:00.000000Z"}, {"uuid": "d5f5e558-15f4-44c3-8d39-5f253efee638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-14)", "content": "", "creation_timestamp": "2025-02-14T00:00:00.000000Z"}, {"uuid": "e98511b1-f510-4ab8-9ec7-2757a34cc049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-24)", "content": "", "creation_timestamp": "2025-02-24T00:00:00.000000Z"}, {"uuid": "78b67efa-beba-429e-a067-6789cfe0a914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-15)", "content": "", "creation_timestamp": "2025-02-15T00:00:00.000000Z"}, {"uuid": "52c40881-1df8-4625-963f-95ea8f1ff1cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-15)", "content": "", "creation_timestamp": "2025-02-15T00:00:00.000000Z"}, {"uuid": "fa0f134a-6c0a-40f0-8762-7c3202fb8f57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-14)", "content": "", "creation_timestamp": "2025-03-14T00:00:00.000000Z"}, {"uuid": "d8b0ab0f-30f8-4288-92f3-abcf32efc8e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-14)", "content": "", "creation_timestamp": "2025-02-14T00:00:00.000000Z"}, {"uuid": "83d99a15-8ccb-4c7a-9375-1186f4c61214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-20)", "content": "", "creation_timestamp": "2025-03-20T00:00:00.000000Z"}, {"uuid": "b32157ff-af15-4dbf-ae57-24c8f1110443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-17)", "content": "", "creation_timestamp": "2025-02-17T00:00:00.000000Z"}, {"uuid": "b18169d3-9bcd-409d-8edc-9dc0131f385c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-17)", "content": "", "creation_timestamp": "2025-02-17T00:00:00.000000Z"}, {"uuid": "75957da9-7901-47c8-b91a-98e49caf9423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-24)", "content": "", "creation_timestamp": "2025-03-24T00:00:00.000000Z"}, {"uuid": "e8561d17-3610-4be3-9ec6-9cf884837256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-18)", "content": "", "creation_timestamp": "2025-02-18T00:00:00.000000Z"}, {"uuid": "4ae47a83-39fc-43f7-ab89-55a1707f2ffd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-21)", "content": "", "creation_timestamp": "2025-03-21T00:00:00.000000Z"}, {"uuid": "6697150e-798c-4850-b175-360adc35247a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-28)", "content": "", "creation_timestamp": "2025-02-28T00:00:00.000000Z"}, {"uuid": "c09ec2ac-b849-41db-b84a-eb04535eb0ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-23)", "content": "", "creation_timestamp": "2025-02-23T00:00:00.000000Z"}, {"uuid": "45193087-5e65-4a06-a86c-f59057b3cd7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-21)", "content": "", "creation_timestamp": "2025-03-21T00:00:00.000000Z"}, {"uuid": "50b28f0b-b17b-49e4-8b01-23f437c44b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-23)", "content": "", "creation_timestamp": "2025-02-23T00:00:00.000000Z"}, {"uuid": "5aaf8bd3-fee9-4ffd-90b8-903b8324b025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-02)", "content": "", "creation_timestamp": "2025-03-02T00:00:00.000000Z"}, {"uuid": "1170d2fc-e27a-4dd6-9684-9f47ae56bf33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:53.000000Z"}, {"uuid": "bb4daf37-f44d-4ef8-b90b-673eb489d439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-28)", "content": "", "creation_timestamp": "2025-02-28T00:00:00.000000Z"}, {"uuid": "f5264b00-0ee5-4f9e-bc43-c75d345d8695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-15)", "content": "", "creation_timestamp": "2025-03-15T00:00:00.000000Z"}, {"uuid": "23d73706-dd98-42fc-ba32-f87f0dc3d1d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-25)", "content": "", "creation_timestamp": "2025-02-25T00:00:00.000000Z"}, {"uuid": "1a451b72-a97d-4bef-9130-aad44d368a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-06)", "content": "", "creation_timestamp": "2025-04-06T00:00:00.000000Z"}, {"uuid": "fa7e8b93-3bbe-492c-93af-faeb17071af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-01)", "content": "", "creation_timestamp": "2025-03-01T00:00:00.000000Z"}, {"uuid": "8701ebc1-b91a-4423-b54a-01bb34cf68f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-27)", "content": "", "creation_timestamp": "2025-03-27T00:00:00.000000Z"}, {"uuid": "7e81f116-5d73-46da-98bc-9fbcc084626a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-06)", "content": "", "creation_timestamp": "2025-03-06T00:00:00.000000Z"}, {"uuid": "0c3bce3a-0c24-41b1-8451-e7ab755809e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-14)", "content": "", "creation_timestamp": "2025-07-14T00:00:00.000000Z"}, {"uuid": "f698a72e-c8ea-46df-bb7e-c90f07c217a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-21)", "content": "", "creation_timestamp": "2025-06-21T00:00:00.000000Z"}, {"uuid": "ddd42188-3b03-430c-b5c4-ec7a69684460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-18)", "content": "", "creation_timestamp": "2025-05-18T00:00:00.000000Z"}, {"uuid": "692e0269-082f-42c4-9358-590ee368fa82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-13)", "content": "", "creation_timestamp": "2025-04-13T00:00:00.000000Z"}, {"uuid": "3f8d9247-213a-47fe-9f4c-7b5ebbee71aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-17)", "content": "", "creation_timestamp": "2025-06-17T00:00:00.000000Z"}, {"uuid": "c9ca8624-5024-485f-95ba-30df8bc8445a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-12)", "content": "", "creation_timestamp": "2025-04-12T00:00:00.000000Z"}, {"uuid": "0d0c43ae-93ac-436f-b1e3-4fe4017718ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-07)", "content": "", "creation_timestamp": "2025-06-07T00:00:00.000000Z"}, {"uuid": "d17f2353-21d6-4882-80fa-de9cfbc5b8da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-26)", "content": "", "creation_timestamp": "2025-05-26T00:00:00.000000Z"}, {"uuid": "35116e3f-b9b8-467c-959e-d67097967661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-11)", "content": "", "creation_timestamp": "2025-04-11T00:00:00.000000Z"}, {"uuid": "e0c1c2f8-22f4-43c0-b077-7dbe2a13a33e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-16)", "content": "", "creation_timestamp": "2025-04-16T00:00:00.000000Z"}, {"uuid": "355d6ed9-c9ec-40e5-be35-80ee07661421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-21)", "content": "", "creation_timestamp": "2025-04-21T00:00:00.000000Z"}, {"uuid": "8565aeff-a21b-4823-9797-f69a4ade8213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-19)", "content": "", "creation_timestamp": "2025-06-19T00:00:00.000000Z"}, {"uuid": "55ebbfd5-c08b-48cf-9c5d-7952720b35a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-19)", "content": "", "creation_timestamp": "2025-04-19T00:00:00.000000Z"}, {"uuid": "5a67280a-47bd-4dcd-80ac-67dc679a3e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-15)", "content": "", "creation_timestamp": "2025-07-15T00:00:00.000000Z"}, {"uuid": "2f83971b-ea8c-4c2e-a781-05b4ddab3efc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-22)", "content": "", "creation_timestamp": "2025-04-22T00:00:00.000000Z"}, {"uuid": "1312bd6c-997d-4d93-a49e-104137973235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://bsky.app/profile/kooteksec.bsky.social/post/3lqhsbnof2c22", "content": "", "creation_timestamp": "2025-05-31T12:56:38.676467Z"}, {"uuid": "3140e75a-ef9b-4562-ba14-83cf7418c0ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-26)", "content": "", "creation_timestamp": "2025-04-26T00:00:00.000000Z"}, {"uuid": "29edaae6-7252-4dc4-bb13-720524b71162", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-23)", "content": "", "creation_timestamp": "2025-04-23T00:00:00.000000Z"}, {"uuid": "7e15e598-7ac4-49a6-bd0c-14765a72242a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-08)", "content": "", "creation_timestamp": "2025-06-08T00:00:00.000000Z"}, {"uuid": "d796b83a-adcc-42c4-a363-a3c12bdee923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-26)", "content": "", "creation_timestamp": "2025-06-26T00:00:00.000000Z"}, {"uuid": "4df7f56b-cd94-456e-9ccc-9704ec82654d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-24)", "content": "", "creation_timestamp": "2025-04-24T00:00:00.000000Z"}, {"uuid": "b3ffaede-793d-4916-a710-5ac21de52038", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-27)", "content": "", "creation_timestamp": "2025-04-27T00:00:00.000000Z"}, {"uuid": "76f94bad-a053-425f-adb6-d50a900a03b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-24)", "content": "", "creation_timestamp": "2025-04-24T00:00:00.000000Z"}, {"uuid": "089e8923-ca2b-4db7-a46c-2a37e6359d1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-20)", "content": "", "creation_timestamp": "2025-06-20T00:00:00.000000Z"}, {"uuid": "c21aa382-1793-43b4-bc1c-0bb976422421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-28)", "content": "", "creation_timestamp": "2025-04-28T00:00:00.000000Z"}, {"uuid": "b878c701-b19e-4a72-8fd0-48570dbd990f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-01)", "content": "", "creation_timestamp": "2025-05-01T00:00:00.000000Z"}, {"uuid": "06930cc5-c8bf-47f0-9232-48de48a1e0bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-23)", "content": "", "creation_timestamp": "2025-06-23T00:00:00.000000Z"}, {"uuid": "f363548f-6f12-4dee-81db-d248cd7ecd4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-04)", "content": "", "creation_timestamp": "2025-05-04T00:00:00.000000Z"}, {"uuid": "4b129ed5-e684-433a-bfb1-102f9074b23c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-04)", "content": "", "creation_timestamp": "2025-05-04T00:00:00.000000Z"}, {"uuid": "026777c2-54d4-4858-909b-dd310b9b20e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-24)", "content": "", "creation_timestamp": "2025-05-24T00:00:00.000000Z"}, {"uuid": "29afacf3-a16f-4f88-93ec-85a7de589da1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-29)", "content": "", "creation_timestamp": "2025-04-29T00:00:00.000000Z"}, {"uuid": "bb40f80e-fbe3-4639-b565-6f8dc6d08c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-10)", "content": "", "creation_timestamp": "2025-06-10T00:00:00.000000Z"}, {"uuid": "986726b9-9990-4f85-914b-86d05398bd11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-04)", "content": "", "creation_timestamp": "2025-06-04T00:00:00.000000Z"}, {"uuid": "2485db30-5ab1-409f-bb38-6ff7bda72ffe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-25)", "content": "", "creation_timestamp": "2025-06-25T00:00:00.000000Z"}, {"uuid": "94be3ea7-2f10-44d1-a177-0e5aec3e4d61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-10)", "content": "", "creation_timestamp": "2025-05-10T00:00:00.000000Z"}, {"uuid": "1e01c52d-4251-434d-ab28-e957d30f0645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-29)", "content": "", "creation_timestamp": "2025-06-29T00:00:00.000000Z"}, {"uuid": "25da28c0-218e-4259-a409-c7aa88de9443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-04)", "content": "", "creation_timestamp": "2025-07-04T00:00:00.000000Z"}, {"uuid": "0ff07db7-acd1-42de-8995-fb0f5a220c83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-25)", "content": "", "creation_timestamp": "2025-07-25T00:00:00.000000Z"}, {"uuid": "3918ed31-55f2-47ff-a79f-ba12fa28ed04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-27)", "content": "", "creation_timestamp": "2025-06-27T00:00:00.000000Z"}, {"uuid": "87aac9fe-3e88-4baf-969e-d9f3e683a7ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-16)", "content": "", "creation_timestamp": "2025-07-16T00:00:00.000000Z"}, {"uuid": "9e77d7de-5146-43e4-8e0a-a382cb10e279", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-23)", "content": "", "creation_timestamp": "2025-07-23T00:00:00.000000Z"}, {"uuid": "22039d17-eb4b-4cc1-95eb-d50abce9a83e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "49f66876-dade-490e-bb90-8702286b0e4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "81786f1d-aeac-42be-91d2-e4aa3d90244c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-27198", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3lzuxrfaz4il2", "content": "", "creation_timestamp": "2025-09-28T07:26:17.241467Z"}, {"uuid": "cfc1cf84-00ed-45db-969c-93d584bd2a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "5975a07b-21c3-445c-95fc-1766eaf18298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-03)", "content": "", "creation_timestamp": "2025-11-03T00:00:00.000000Z"}, {"uuid": "6b7f81f3-2cbc-4ba9-b7e1-d0f373f204fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-28)", "content": "", "creation_timestamp": "2025-07-28T00:00:00.000000Z"}, {"uuid": "2a316385-0cc1-441c-8703-270ae83d4471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-15)", "content": "", "creation_timestamp": "2025-10-15T00:00:00.000000Z"}, {"uuid": "64e9d3a4-40bd-499d-8938-73331843d515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-29)", "content": "", "creation_timestamp": "2025-10-29T00:00:00.000000Z"}, {"uuid": "9483b783-e624-4647-b564-59e5d75e8b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-26)", "content": "", "creation_timestamp": "2025-07-26T00:00:00.000000Z"}, {"uuid": "538fed61-e140-4e6e-abf1-f897423c9e18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-02)", "content": "", "creation_timestamp": "2025-08-02T00:00:00.000000Z"}, {"uuid": "d319f833-ad83-4440-afe8-d2d486ed2cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-03)", "content": "", "creation_timestamp": "2025-08-03T00:00:00.000000Z"}, {"uuid": "254839f4-cc36-4a62-bbd4-5b5b35c53da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-03)", "content": "", "creation_timestamp": "2025-08-03T00:00:00.000000Z"}, {"uuid": "bc3a8e75-b474-41f8-83f0-a78c2fb11e05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-16)", "content": "", "creation_timestamp": "2025-09-16T00:00:00.000000Z"}, {"uuid": "f46de8b6-3cfe-4627-ad80-8f4a48123375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://gist.github.com/Darkcrai86/6149dd2a8c2979bfdf1fffd82dc13d74", "content": "", "creation_timestamp": "2025-09-29T07:41:34.000000Z"}, {"uuid": "6e747579-3d94-48e0-bcd9-052a661d3f53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-27198", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3lzx3vpyj77y2", "content": "", "creation_timestamp": "2025-09-29T03:45:57.750583Z"}, {"uuid": "eab4b1ef-17be-415d-b1bb-1b12f4733047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-04)", "content": "", "creation_timestamp": "2025-08-04T00:00:00.000000Z"}, {"uuid": "0f39d27d-323a-4e78-a40a-08430005153f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-20)", "content": "", "creation_timestamp": "2025-11-20T00:00:00.000000Z"}, {"uuid": "fbd21af3-bf0a-458e-a9e8-55842aa557b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-11)", "content": "", "creation_timestamp": "2025-08-11T00:00:00.000000Z"}, {"uuid": "c3fd74e4-2a37-418c-9aae-aae0a559dbfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lw5dj7cy5r2m", "content": "", "creation_timestamp": "2025-08-11T17:36:51.316540Z"}, {"uuid": "8718bb97-6a39-4610-aa3f-b7c57a01deec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-23)", "content": "", "creation_timestamp": "2025-10-23T00:00:00.000000Z"}, {"uuid": "65f06f73-3004-4041-bb0e-b2e35e00bd14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwa7hp7utp2w", "content": "", "creation_timestamp": "2025-08-12T21:02:26.032363Z"}, {"uuid": "0f465097-611d-435d-b463-3e71a9fd074f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-17)", "content": "", "creation_timestamp": "2025-09-17T00:00:00.000000Z"}, {"uuid": "763db4df-c23c-4ef3-8edd-a2d9ea36b785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-16)", "content": "", "creation_timestamp": "2025-08-16T00:00:00.000000Z"}, {"uuid": "8623bf52-5427-4d1b-8795-7d46987b3607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-14)", "content": "", "creation_timestamp": "2025-08-14T00:00:00.000000Z"}, {"uuid": "fdebdcf3-cbb2-4b00-a1b1-64a6089e9411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-28)", "content": "", "creation_timestamp": "2025-10-28T00:00:00.000000Z"}, {"uuid": "4cd24739-3183-4599-8d9d-1e2195621929", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-17)", "content": "", "creation_timestamp": "2025-08-17T00:00:00.000000Z"}, {"uuid": "5f4578c7-615d-4485-8a3a-0f1c0b1f9f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-14)", "content": "", "creation_timestamp": "2025-10-14T00:00:00.000000Z"}, {"uuid": "ce9f097a-33dd-4035-b22e-245a5dee8b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-22)", "content": "", "creation_timestamp": "2025-09-22T00:00:00.000000Z"}, {"uuid": "7ac5cb00-57d4-4edf-9155-0dd8483f994c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-16)", "content": "", "creation_timestamp": "2025-10-16T00:00:00.000000Z"}, {"uuid": "c33db3ac-cf8b-4386-825b-425b3fb91009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-05)", "content": "", "creation_timestamp": "2025-11-05T00:00:00.000000Z"}, {"uuid": "a29f2c57-782e-45a3-976c-2ecbb00bfb0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-20)", "content": "", "creation_timestamp": "2025-08-20T00:00:00.000000Z"}, {"uuid": "5f7e166b-c49c-477f-a2fb-53fd272b3dc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-08)", "content": "", "creation_timestamp": "2025-09-08T00:00:00.000000Z"}, {"uuid": "865cd2ad-ab05-4d00-a23d-e6ea93a80bce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-22)", "content": "", "creation_timestamp": "2025-08-22T00:00:00.000000Z"}, {"uuid": "c338e201-fc15-410a-ae3d-70e80a86c9fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-08)", "content": "", "creation_timestamp": "2025-09-08T00:00:00.000000Z"}, {"uuid": "c802bb0a-e282-4345-9a2e-7170d5adb129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-10)", "content": "", "creation_timestamp": "2025-10-10T00:00:00.000000Z"}, {"uuid": "efaede7d-3997-449c-826c-e505df8404a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-17)", "content": "", "creation_timestamp": "2025-10-17T00:00:00.000000Z"}, {"uuid": "7c7c2089-f763-4b51-9547-c2f911227a8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-15)", "content": "", "creation_timestamp": "2025-09-15T00:00:00.000000Z"}, {"uuid": "0da4dbcf-bc46-4fdd-9fee-641512d13fdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-12)", "content": "", "creation_timestamp": "2025-10-12T00:00:00.000000Z"}, {"uuid": "c747190a-2c58-4e32-8e18-438adfe1e554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-27)", "content": "", "creation_timestamp": "2025-08-27T00:00:00.000000Z"}, {"uuid": "e8e5468e-d683-4d47-bd9c-6c42e16eb104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-24)", "content": "", "creation_timestamp": "2025-09-24T00:00:00.000000Z"}, {"uuid": "47b17e01-7ba6-45b5-b76c-1740efbf9fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-29)", "content": "", "creation_timestamp": "2025-08-29T00:00:00.000000Z"}, {"uuid": "0da3a161-17f8-4ef3-8fb8-101e142b0eb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:11.000000Z"}, {"uuid": "20250022-1111-4438-b535-b7876c59b528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb", "content": "", "creation_timestamp": "2024-03-14T00:28:29.000000Z"}, {"uuid": "eafad402-02a3-4930-ac86-a7f4de70dae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-20)", "content": "", "creation_timestamp": "2025-12-20T00:00:00.000000Z"}, {"uuid": "8818163d-e351-4ab0-be70-30015298874e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-24)", "content": "", "creation_timestamp": "2025-09-24T00:00:00.000000Z"}, {"uuid": "9c909463-1a1e-4e94-8e85-d18b1abdbbf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-17)", "content": "", "creation_timestamp": "2026-02-17T00:00:00.000000Z"}, {"uuid": "9acd1db1-e08e-4f2b-9f91-f6d22092fed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-27)", "content": "", "creation_timestamp": "2025-12-27T00:00:00.000000Z"}, {"uuid": "1330f13c-5bca-4fbc-901d-8546651e1655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-06)", "content": "", "creation_timestamp": "2026-02-06T00:00:00.000000Z"}, {"uuid": "a6194fc6-88dd-4b3a-9df2-073823fc1323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-06)", "content": "", "creation_timestamp": "2026-01-06T00:00:00.000000Z"}, {"uuid": "acb97a52-b448-40ce-8839-f7dd1deb005a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-29)", "content": "", "creation_timestamp": "2025-12-29T00:00:00.000000Z"}, {"uuid": "e50c5901-64fe-421d-b576-2470d3a3c3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-17)", "content": "", "creation_timestamp": "2026-03-17T00:00:00.000000Z"}, {"uuid": "d9f72726-f3e5-4ffe-8f90-74e992606e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-06)", "content": "", "creation_timestamp": "2026-01-06T00:00:00.000000Z"}, {"uuid": "480346aa-37c8-4d66-8660-1373ce90af8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-05)", "content": "", "creation_timestamp": "2026-03-05T00:00:00.000000Z"}, {"uuid": "dd55480b-6b4f-4e14-9d9b-5587fdeb38bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-11)", "content": "", "creation_timestamp": "2026-01-11T00:00:00.000000Z"}, {"uuid": "ee7b08ca-dbe6-44a0-bbab-6c13f55536ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-09)", "content": "", "creation_timestamp": "2026-01-09T00:00:00.000000Z"}, {"uuid": "199d04fe-f600-4902-9fd9-a9d1340e2a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-11)", "content": "", "creation_timestamp": "2026-01-11T00:00:00.000000Z"}, {"uuid": "f3baf730-1c63-48ee-b306-3fea2226fee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-09)", "content": "", "creation_timestamp": "2026-01-09T00:00:00.000000Z"}, {"uuid": "7add8129-b35e-4e5c-b04d-247acc74dda3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-12)", "content": "", "creation_timestamp": "2026-01-12T00:00:00.000000Z"}, {"uuid": "c2683dc9-8d81-4255-a727-41f5521e1243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-19)", "content": "", "creation_timestamp": "2026-01-19T00:00:00.000000Z"}, {"uuid": "c670d4d3-e519-4c35-94f6-fa787d7bfca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-13)", "content": "", "creation_timestamp": "2026-01-13T00:00:00.000000Z"}, {"uuid": "e24699f2-9e59-4deb-8806-ef7b443d9876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-12)", "content": "", "creation_timestamp": "2026-03-12T00:00:00.000000Z"}, {"uuid": "042d8da9-d324-45d2-bf8b-1b991ee49253", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-18)", "content": "", "creation_timestamp": "2026-01-18T00:00:00.000000Z"}, {"uuid": "5860d8d6-8da8-49d7-ae5f-56d0b614e516", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-15)", "content": "", "creation_timestamp": "2026-01-15T00:00:00.000000Z"}, {"uuid": "9a95fca7-91ae-4f3a-9252-b2089375695e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-20)", "content": "", "creation_timestamp": "2026-01-20T00:00:00.000000Z"}, {"uuid": "073cf30e-30d0-4ce5-af6a-6109c1b5c485", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-01)", "content": "", "creation_timestamp": "2026-04-01T00:00:00.000000Z"}, {"uuid": "59cad49c-1770-4611-9541-aef518d9ca43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-20)", "content": "", "creation_timestamp": "2026-01-20T00:00:00.000000Z"}, {"uuid": "b6e4c9a9-7c29-448e-a6c5-6c98109de9a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-15)", "content": "", "creation_timestamp": "2026-03-15T00:00:00.000000Z"}, {"uuid": "cf07cb00-d855-4fa7-8eb1-112237dcf940", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/fdda4963-0aa7-4d15-8a8f-969db8f304ca", "content": "", "creation_timestamp": "2025-02-28T23:49:13.272798Z"}, {"uuid": "86179680-55dc-4b1a-aaee-68614c1456f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c9976f02-9b06-467e-b11e-e2c217dbfca6", "content": "", "creation_timestamp": "2026-02-02T12:26:40.116696Z"}, {"uuid": "0ed74459-6c97-4695-846a-9d0eb1bc1f63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-01)", "content": "", "creation_timestamp": "2026-04-01T00:00:00.000000Z"}, {"uuid": "5e169839-9e28-47a2-ac74-02ef7cd22a69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-04)", "content": "", "creation_timestamp": "2026-04-04T00:00:00.000000Z"}, {"uuid": "22e92be7-b2f4-47df-bff3-c7de7b4f1189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-02)", "content": "", "creation_timestamp": "2026-04-02T00:00:00.000000Z"}, {"uuid": "755d717f-13e7-480f-be54-23c46552cd82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-02)", "content": "", "creation_timestamp": "2026-04-02T00:00:00.000000Z"}, {"uuid": "f9d83fb4-de01-47ca-8528-9a76a6f80c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/", "content": "", "creation_timestamp": "2026-04-06T04:00:00.000000Z"}, {"uuid": "0b94fcea-d450-4d65-a363-0591b81591f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/LegeDtMxRTlSxU-E4vRWPyR6r8eVZBSkTQd0bvp4AR24yPQ", "content": "", "creation_timestamp": "2025-12-17T21:00:04.000000Z"}, {"uuid": "0e138619-7ff9-47f2-9a85-2117a3bf0b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "MISP/f3b16ca9-f749-4169-9a68-b159e6aaf5ed", "content": "", "creation_timestamp": "2026-04-08T07:25:51.000000Z"}, {"uuid": "0135ab2d-cd93-429d-8958-7d2d9df3d81b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "Telegram/RBGb7D5r9ouBhFju1ZLzgmlaQDFMPpPYyGsZMRxRKB5TptA", "content": "", "creation_timestamp": "2024-03-20T13:33:29.000000Z"}, {"uuid": "6fd477cb-30ce-4e7c-a789-258feba671c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-", "content": "", "creation_timestamp": "2026-04-07T04:00:00.000000Z"}, {"uuid": "061de04f-bdf3-4038-8f6c-9804093e65f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-11)", "content": "", "creation_timestamp": "2026-04-11T00:00:00.000000Z"}, {"uuid": "d9e0c3f8-7370-4c69-bda7-1d55b2ec1999", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-10)", "content": "", "creation_timestamp": "2026-04-10T00:00:00.000000Z"}, {"uuid": "3d1a9456-e43b-40b5-8911-a5ae02b05335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-16)", "content": "", "creation_timestamp": "2026-04-16T00:00:00.000000Z"}, {"uuid": "a48b4f88-95c9-4338-8b9a-b955fe1bca39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-10)", "content": "", "creation_timestamp": "2026-04-10T00:00:00.000000Z"}, {"uuid": "87819839-47c8-40e4-bb15-70c968afa4c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-15)", "content": "", "creation_timestamp": "2026-04-15T00:00:00.000000Z"}, {"uuid": "afa09a14-02c5-47d8-824b-876e76edf8d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/cKure/13279", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Hackers use PoC exploits in attacks 22 minutes after release.\n\nDuring the examined period, the most targeted flaws were CVE-2023-50164 and CVE-2022-33891 in Apache products, CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360 in Coldfusion, and CVE-2023-35082 in MobileIron.\n\nA characteristic example of the rise in the speed of weaponization is CVE-2024-27198, an authentication bypass flaw in JetBrains TeamCity.\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/\n\nhttps://blog.cloudflare.com/application-security-report-2024-update\n\nhttps://www.cloudflare.com/en-gb/2024-application-security-trends/", "creation_timestamp": "2024-07-13T20:21:42.000000Z"}, {"uuid": "af0df0b7-f3eb-4f7f-ac8d-33c673918894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-21)", "content": "", "creation_timestamp": "2026-04-21T00:00:00.000000Z"}, {"uuid": "460a725c-d3e9-419a-898b-ac4e6bd02c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "MISP/f3b16ca9-f749-4169-9a68-b159e6aaf5ed", "content": "", "creation_timestamp": "2026-04-18T13:07:25.000000Z"}, {"uuid": "8f1ecf31-8570-4536-add0-73884fe691c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-18)", "content": "", "creation_timestamp": "2026-04-18T00:00:00.000000Z"}, {"uuid": "e21512ed-9b6c-4ae6-80e6-aa60d2f18f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-20)", "content": "", "creation_timestamp": "2026-04-20T00:00:00.000000Z"}, {"uuid": "9676a296-ee77-419b-a04f-3f2412341c0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-19)", "content": "", "creation_timestamp": "2026-04-19T00:00:00.000000Z"}, {"uuid": "edcc0833-8873-4339-aa6e-750fd887da0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8274", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC about CVE-2024-27198\nURL\uff1ahttps://github.com/l-urk/CVE-2024-6387-L\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-16T20:38:09.000000Z"}, {"uuid": "0268df21-983a-4635-9ab1-e5484d96772b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-19)", "content": "", "creation_timestamp": "2026-04-19T00:00:00.000000Z"}, {"uuid": "307ce2ad-565e-47f5-95cd-7b6f0caef241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-23)", "content": "", "creation_timestamp": "2026-04-23T00:00:00.000000Z"}, {"uuid": "f06f80b0-b38e-4946-a420-c87515447b2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-authentication-bypass-and-path-traversal-vulnerabilities-jetbrains-teamcity", "content": "", "creation_timestamp": "2026-04-21T05:10:14.000000Z"}, {"uuid": "1c3849b1-e6d2-4334-a10a-54b972670953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://www.acn.gov.it/portale/w/poc-pubblici-per-lo-sfruttamento-di-vulnerabilita-in-jetbrains-teamcity", "content": "", "creation_timestamp": "2024-03-07T09:21:00.000000Z"}, {"uuid": "4d943ed7-a07e-4ca5-8b18-28f030ceae00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/11102", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aIn this project, I exploited the CVE-2024-27198-RCE vulnerability to perform a remote code execution (RCE) attack on a vulnerable TeamCity server.\nURL\uff1ahttps://github.com/ArtemCyberLab/Project-Exploiting-CVE-2024-27198-RCE-Vulnerability\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-01-22T00:14:10.000000Z"}, {"uuid": "ea292dfe-014b-4e6d-b302-0b6ffffba06a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8272", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC about CVE-2024-27198\nURL\uff1ahttps://github.com/jrbH4CK/CVE-2024-27198\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-16T05:46:38.000000Z"}, {"uuid": "4249bc1c-3fa2-4fbb-b1f3-18d4d73aba60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8237", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information  #RCE #python3\nURL\uff1ahttps://github.com/Pypi-Project/RCity-CVE-2024-27198\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-08-12T04:52:25.000000Z"}, {"uuid": "850c1832-1712-4e5d-8d04-34a9352b993c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8737", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aa proof of concept of the CVE-2024-27198 which infect jetbrains teamCity\nURL\uff1ahttps://github.com/Cythonic1/CVE-2024-27198_POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-14T16:42:26.000000Z"}, {"uuid": "9d491354-d384-496e-9783-19755ffb82dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6722", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-27198 - Authentication Bypass Using an Alternate Path vulnerability in JetBrains TeamCity Server\nURL\uff1ahttps://github.com/labesterOct/CVE-2024-27198\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-09T15:29:02.000000Z"}, {"uuid": "2aaf2791-6961-41dd-972d-6ec42f936c34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-24)", "content": "", "creation_timestamp": "2026-04-24T00:00:00.000000Z"}, {"uuid": "ced17c33-6736-4949-9ba0-63fba061028a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/itsec_news/4185", "content": "\u200b\u26a1\ufe0fBianLian \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 JetBrains \u0434\u043b\u044f \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430\n\n\ud83d\udcac \u0418\u0411-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f GuidePoint Security \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430, \u0447\u0442\u043e \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 BianLian \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 JetBrains TeamCity \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0430\u0442\u0430\u043a.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0430\u0442\u0430\u043a, \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0449\u0443\u044e\u0441\u044f \u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430 TeamCity \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-27198 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.8) \u0438\u043b\u0438 CVE-2023-42793 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.8), \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0434\u043b\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u0435\u0442\u0438. \u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0435\u044f\u0441\u043d\u043e, \u043a\u0430\u043a\u043e\u0439 \u0438\u0437 \u0434\u0432\u0443\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f.\n\n\u041e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a BianLian \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u044b \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Go, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u2013 AnyDesk, Atera, SplashTop \u0438 TeamViewer.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 BianLian \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f Microsoft \u043a\u0430\u043a BianDoor. \u041f\u043e\u0441\u043b\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u044b\u0445 \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 \u043d\u0430 Go, \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u043f\u0435\u0440\u0435\u0448\u043b\u0438 \u043a \u043c\u0435\u0442\u043e\u0434\u0443 Living off the Land (LotL) \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u0441\u0432\u043e\u0435\u0433\u043e \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u043d\u0430 PowerShell, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0447\u043d\u044b\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b. \u041e\u0431\u0444\u0443\u0441\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 PowerShell \u0441\u043e\u0437\u0434\u0430\u0435\u0442 TCP-\u0441\u043e\u043a\u0435\u0442 \u0434\u043b\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f (Command and Control, C2), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u043c \u0445\u043e\u0441\u0442\u0435 \u0441 \u0446\u0435\u043b\u044c\u044e \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430.\n\n\u041e\u0442\u043c\u0435\u0442\u0438\u043c, \u0447\u0442\u043e CVE-2023-42793 \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b TeamCity. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0445\u0430\u043a\u0435\u0440\u0443 \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (Remote Code Execution, RCE) \u0431\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u041a\u0430\u043a \u0437\u0430\u044f\u0432\u0438\u043b\u043e \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e CISA, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a TeamCity \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0430\u0442\u044c\u0441\u044f \u043f\u043e \u0441\u0435\u0442\u044f\u043c, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u044b \u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0442\u044c \u0434\u043e\u043b\u0433\u043e\u0441\u0440\u043e\u0447\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0441\u0435\u0442\u044f\u043c, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u043a \u0441\u0435\u0442\u044f\u043c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 CVE-2024-27198 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u0440\u0442\u0430 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 TeamCity On-Premises \u0434\u043e 2023.11.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043f\u043e HTTP(S) \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 TeamCity \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c. \u041a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 TeamCity \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0435 \u043f\u0440\u043e\u0435\u043a\u0442\u044b, \u0441\u0431\u043e\u0440\u043a\u0438, \u0430\u0433\u0435\u043d\u0442\u044b \u0438 \u0430\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u044b TeamCity, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0435\u0433\u043e \u043f\u043e\u0434\u0445\u043e\u0434\u044f\u0449\u0438\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-03-12T08:25:35.000000Z"}, {"uuid": "0e52d01e-5fd7-4b1b-a88e-a47e7d42ae57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6770", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aA PoC exploit for CVE-2024-27198 - JetBrains TeamCity Authentication Bypass\nURL\uff1ahttps://github.com/K3ysTr0K3R/CVE-2024-27198-EXPLOIT\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-09T22:26:21.000000Z"}, {"uuid": "cfb91e6e-116c-4d47-84ad-0a950bdff29d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6743", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aA PoC for CVE-2024-27198 written in golang\nURL\uff1ahttps://github.com/rampantspark/CVE-2024-27198\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-07T15:15:27.000000Z"}, {"uuid": "7fd3a721-dcfc-4e65-819d-59d4de0a9095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6730", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4\nURL\uff1ahttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-06T03:17:48.000000Z"}, {"uuid": "74bc8521-68a1-4a15-af05-1781efab094d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6721", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aExploit for CVE-2024-27198 - TeamCity Server\nURL\uff1ahttps://github.com/yoryio/CVE-2024-27198\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-05T05:44:41.000000Z"}, {"uuid": "05c4bdc1-132e-48c2-b69c-6d810669ee9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6922", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aEm fevereiro de 2024, foi identificado duas novas vulnerabilidades que afetam o servidor JetBrains TeamCity (CVE-2024-27198 e CVE-2024-27199)\nURL\uff1ahttps://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T09:51:58.000000Z"}, {"uuid": "8821cbbf-72fb-4d45-8243-999c3c1d6947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-28)", "content": "", "creation_timestamp": "2026-04-28T00:00:00.000000Z"}, {"uuid": "cd590504-fe76-4889-b619-98ac294aa271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7147", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information\nURL\uff1ahttps://github.com/Stuub/RCity-CVE-2024-27198\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-05-09T15:32:56.000000Z"}, {"uuid": "2f2c6625-d241-45c1-b1f4-b54c3cb8e601", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-25)", "content": "", "creation_timestamp": "2026-04-25T00:00:00.000000Z"}, {"uuid": "2a963ef0-e379-4c90-bbb9-ead4e01f786a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/purple_medved/201", "content": "\u0414\u0430\u0432\u043d\u043e \u0443\u0436\u0435 \u043c\u044b \u043d\u0435 \u043e\u0431\u0441\u0443\u0436\u0434\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0443 \u043d\u0430\u0441 \u0441\u0432\u0435\u0436\u0435\u043d\u044c\u043a\u0430\u044f RCE - CVE-2024-27198 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=9.8) \u0438 path traversal - CVE-2024-27199 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=7.3) \u0432 TeamCity CI/CD \u043e\u0442 JetBrains\n\n\u0414\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f TeamCity CI/CD \u0432 \u0446\u0435\u043b\u043e\u043c \u0443\u0436\u0435 \u043f\u043e\u043d\u044f\u0442\u043d\u043e \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u043d\u043e \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u044b \u0434\u0435\u0442\u0430\u043b\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0435\u0434\u0438\u0441\u043b\u043e\u0432\u0438\u044f, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u044b\u0439 \u043e\u0431\u0437\u043e\u0440 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u0432 \u044d\u0442\u043e\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438.\n\n\u041f\u043e\u0437\u0430\u0432\u0447\u0435\u0440\u0430 \u0432 \u0431\u043b\u043e\u0433\u0435 Rapid7 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2024-27198 - \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043b\u043e\u0433\u0438\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u043a\u043b\u0430\u0441\u0441\u0430 jetbrains.buildServer.controllers.BaseController \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 web-openapi.jar. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043a\u0438 \u0438\u043b\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f access token \u0434\u043b\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 c  \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441\u0430 jsp=/app/rest/users;.jsp\n\ncurl -ik http://target.com/hax?jsp=/app/rest/users;.jsp -X POST -H \"Content-Type: application/json\" --data \"{\\\"username\\\": \\\"haxor\\\", \\\"password\\\": \\\"haxor\\\", \\\"email\\\": \\\"haxor\\\", \\\"roles\\\": {\\\"role\\\": [{\\\"roleId\\\": \\\"SYSTEM_ADMIN\\\", \\\"scope\\\": \\\"g\\\"}]}}\"\n\nCVE-2024-27199 - \u0442\u043e\u0436\u0435 \u043f\u0440\u043e \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u043c \u0440\u0443\u0447\u043a\u0430\u043c /res, /update, /.well-known/acme-challenge. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 path traversal \u043a \u044d\u0442\u0438\u043c \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430\u043c, \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 /res/../admin/diagnostic.jsp \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e. \u0410 /res/../app/https/settings/uploadCertificate \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c tls \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 https \u043f\u043e\u0440\u0442 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 /res/../app/https/settings/setPort. \n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0440\u0443\u0447\u0435\u043a \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0430\u0432\u0442\u043e\u0440\u043e\u0432.\n\n\u2699\ufe0f POC: https://github.com/yoryio/CVE-2024-27198, \u043c\u043e\u0434\u0443\u043b\u044c metasploit https://github.com/rapid7/metasploit-framework/pull/18922\n\ud83d\udd0e Sigma \u043f\u0440\u0430\u0432\u0438\u043b\u0430: https://github.com/rapid7/Rapid7-Labs/blob/main/Sigma/path_traversal_attacks_CVE_2024_27199.yml\n\ud83e\udeb2 \u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e: TeamCity \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\u2705 \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\n#TeamCity #RCE #CVE-2024-27198", "creation_timestamp": "2024-03-06T07:34:46.000000Z"}, {"uuid": "b70b511a-41a4-41e5-b9ee-ea7733f64676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/BleepingComputer/19573", "content": "\u200aTeamCity auth bypass bug exploited to mass-generate admin accounts\n\nHackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. [...]\n\nhttps://www.bleepingcomputer.com/news/security/teamcity-auth-bypass-bug-exploited-to-mass-generate-admin-accounts/", "creation_timestamp": "2024-03-07T01:18:31.000000Z"}, {"uuid": "cae519a4-588c-4bbc-b21d-9e5b509f3d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/19557", "content": "\u200aExploit available for new critical TeamCity auth bypass bug, patch now\n\nA critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. [...]\n\nhttps://www.bleepingcomputer.com/news/security/exploit-available-for-new-critical-teamcity-auth-bypass-bug-patch-now/", "creation_timestamp": "2024-03-04T23:33:04.000000Z"}, {"uuid": "5daae0a2-4366-448b-9e26-1283906ac376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/poxek/3774", "content": "\u0414\u0430\u0432\u043d\u043e \u0443\u0436\u0435 \u043c\u044b \u043d\u0435 \u043e\u0431\u0441\u0443\u0436\u0434\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0443 \u043d\u0430\u0441 \u0441\u0432\u0435\u0436\u0435\u043d\u044c\u043a\u0430\u044f RCE - CVE-2024-27198 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=9.8) \u0438 path traversal - CVE-2024-27199 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=7.3) \u0432 TeamCity CI/CD \u043e\u0442 JetBrains\n\n\u0414\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f TeamCity CI/CD \u0432 \u0446\u0435\u043b\u043e\u043c \u0443\u0436\u0435 \u043f\u043e\u043d\u044f\u0442\u043d\u043e \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u043d\u043e \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u044b \u0434\u0435\u0442\u0430\u043b\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0435\u0434\u0438\u0441\u043b\u043e\u0432\u0438\u044f, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u044b\u0439 \u043e\u0431\u0437\u043e\u0440 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u0432 \u044d\u0442\u043e\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438.\n\n\u041f\u043e\u0437\u0430\u0432\u0447\u0435\u0440\u0430 \u0432 \u0431\u043b\u043e\u0433\u0435 Rapid7 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2024-27198 - \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043b\u043e\u0433\u0438\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u043a\u043b\u0430\u0441\u0441\u0430 jetbrains.buildServer.controllers.BaseController \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 web-openapi.jar. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043a\u0438 \u0438\u043b\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f access token \u0434\u043b\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 c  \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441\u0430 jsp=/app/rest/users;.jsp\n\ncurl -ik http://target.com/hax?jsp=/app/rest/users;.jsp -X POST -H \"Content-Type: application/json\" --data \"{\\\"username\\\": \\\"haxor\\\", \\\"password\\\": \\\"haxor\\\", \\\"email\\\": \\\"haxor\\\", \\\"roles\\\": {\\\"role\\\": [{\\\"roleId\\\": \\\"SYSTEM_ADMIN\\\", \\\"scope\\\": \\\"g\\\"}]}}\"\n\nCVE-2024-27199 - \u0442\u043e\u0436\u0435 \u043f\u0440\u043e \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u043c \u0440\u0443\u0447\u043a\u0430\u043c /res, /update, /.well-known/acme-challenge. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 path traversal \u043a \u044d\u0442\u0438\u043c \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430\u043c, \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 /res/../admin/diagnostic.jsp \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e. \u0410 /res/../app/https/settings/uploadCertificate \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c tls \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 https \u043f\u043e\u0440\u0442 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 /res/../app/https/settings/setPort. \n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0440\u0443\u0447\u0435\u043a \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0430\u0432\u0442\u043e\u0440\u043e\u0432.\n\n\u2699\ufe0f POC: https://github.com/yoryio/CVE-2024-27198, \u043c\u043e\u0434\u0443\u043b\u044c metasploit https://github.com/rapid7/metasploit-framework/pull/18922\n\ud83d\udd0e Sigma \u043f\u0440\u0430\u0432\u0438\u043b\u0430: https://github.com/rapid7/Rapid7-Labs/blob/main/Sigma/path_traversal_attacks_CVE_2024_27199.yml\n\ud83e\udeb2 \u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e: TeamCity \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\u2705 \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\n#TeamCity #RCE #CVE-2024-27198", "creation_timestamp": "2024-03-08T13:01:36.000000Z"}, {"uuid": "cf5781d0-c07f-4fdd-92d8-31460db41167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/beaverdreamer/137", "content": "#teamcity #cicd\n\u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u0432\u044b\u0448\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2024-27198 \u0438 CVE-2024-27199) \u0432 JetBrains TeamCity \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u0430 CVE-2024-27198, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0414\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0442\u0440\u0451\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u0439:\n- \u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0435 \u043a \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u0441\u043e \u0441\u0442\u0430\u0442\u0443\u0441\u043e\u043c \u043e\u0442\u0432\u0435\u0442\u0430 404\n- \u041f\u0435\u0440\u0435\u0434\u0430\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 jsp, \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u043d\u0430 URL, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (\u043d\u0430 \u043d\u0435\u0433\u043e \u0438 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0430)\n- \u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0447\u0442\u043e\u0431\u044b \u043f\u0443\u0442\u044c \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u043b\u0441\u044f \u043d\u0430 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 jsp, \u0442\u0430\u043a \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0435\u0446 \u043f\u0440\u043e\u0441\u0442\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c: ;.jsp \n\n\u0412 \u0438\u0442\u043e\u0433\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0441\u0441\u044b\u043b\u043a\u0443 \u0432\u0438\u0434\u0430: /hax?jsp=/app/rest/server;.jsp, \u043f\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u043e\u0436\u0435\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u0435\u0440\u0441\u0438\u044e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (\u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043e\u0431\u0449\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435).\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-27199 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043a \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0431\u043e\u043b\u0435\u0435 \u043c\u0435\u043d\u044c\u0448\u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u0447\u043d\u044e \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u043e\u0432 (\u0441\u043c. \u0440\u0435\u0441\u0435\u0440\u0447).\n\n\u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e TeamCity \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043d\u0430 \u043f\u043e\u0440\u0442\u0443 8111/tcp\n\n\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u043f\u0435\u0440\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\nPython: https://github.com/Chocapikk/CVE-2024-27198\n\u041c\u043e\u0434\u0443\u043b\u044c \u043c\u0435\u0442\u0430\u0441\u043f\u043b\u043e\u0439\u0442\u0430: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2023_42793.rb\n\n\u041e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0440\u0435\u0441\u0435\u0440\u0447 + \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438:\nhttps://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-12T10:39:08.000000Z"}, {"uuid": "d32b3181-17fe-4d9a-9c0c-a78e5be0cfe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/124424", "content": "", "creation_timestamp": "2024-10-10T12:28:47.000000Z"}, {"uuid": "ceed47ec-83c8-4eb3-96fc-0330f9706dec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/202", "content": "CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)\n\n\ud83d\udc64 by Rapid7\n\nIn February 2024, Rapid7\u2019s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server:\n\n\u2022 CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a CVSS base score of 9.8 (Critical).\n\n\u2022 CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22) and has a CVSS base score of 7.3 (High).\n\n\ud83d\udcdd Contents:\n\u25cf Overview\n\u25cf Impact\n\u25cf Remediation\n\u25cf Analysis\n    \u2022 CVE-2024-27198\n    \u2022 CVE-2024-27199\n\u25cf Rapid7 customers\n\u25cf Timeline\n\nhttps://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-05T11:02:15.000000Z"}, {"uuid": "352d5df5-1270-4c06-ba17-5095ab35a874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/kasperskyb2b/1156", "content": "\ud83d\udd0e \u0421\u0435\u0440\u0432\u0435\u0440\u044b TeamCity \u0441\u043d\u043e\u0432\u0430 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0443\u0433\u043e\u043d\u0430\n\n\u0414\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0432\u0437\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 TeamCity on-prem (CVE-2024-27198 \u0438 -27199, CVSS 9.8 \u0438 7.3) \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a \u043e\u0431\u0445\u043e\u0434\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043e\u0431\u0445\u043e\u0434\u0443 \u043f\u0443\u0442\u0438, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0430\u0439\u0434\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0435\u043d\u044b \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0443, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d. \u041d\u043e \u0442\u0430\u043a\u0436\u0435 \u0435\u0441\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0431\u043e\u0435\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0438 \u0440\u0435\u0430\u043b\u044c\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u044f\u0432\u0438\u0442\u044c\u0441\u044f \u043e\u0447\u0435\u043d\u044c \u0441\u043a\u043e\u0440\u043e. \u041f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 JetBrains \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u043e.\n\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c\u0441\u044f \u0434\u043e 2023.11.4 \u0438\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c \u043f\u043b\u0430\u0433\u0438\u043d.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-03-05T13:08:34.000000Z"}, {"uuid": "17da2d43-7ea1-4ef8-bc80-933582fcb255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/bizone_channel/1133", "content": "\ud83e\udd65 BI.ZONE WAF \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u0442 \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 JetBrains TeamCity\n\n\u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435\u00a0\u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e\u00a0\u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 CI/CD \u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u041f\u041e JetBrains TeamCity.\u00a0\u041e\u043d\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c TeamCity On-Premises CI/CD \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 \u0434\u043e 2023.11.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e.\n\n\u0420\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043e\u0431 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435:\n\ud83d\udd35CVE-2024-27198 (BDU:2024-01792) \u2014 9,8 \u0438\u0437 10 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043d\u043e\u0432\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u044d\u0442\u043e\u043c\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0440\u0435\u0434\u043e\u0439.\n\n\ud83d\udd35CVE-2024-27199 \u2014 7,3 \u0438\u0437 10 \u0431\u0430\u043b\u043b\u043e\u0432\u00a0\u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS\n\u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u0435\u0445\u043d\u0438\u043a\u0443 path traversal, \u0447\u0442\u043e\u0431\u044b \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u0430\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 TeamCity. \u0422\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0443\u0437\u043d\u0430\u0442\u044c \u043e \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u0445 \u0432 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0438 \u0438\u0445 \u0441\u0442\u0430\u0442\u0443\u0441\u0430\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0443\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e.\n\n\u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 JetBrains TeamCity \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 2023.11.4. \u0427\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0440\u0438\u0441\u043a\u0430 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u044d\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u0422\u0430\u043a\u0436\u0435 \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f \u043f\u043e\u043c\u043e\u0436\u0435\u0442 BI.ZONE WAF. \u041d\u0430\u0448\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0437\u0430\u0449\u0438\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u044b \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0430\u0448\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u0430 BI.ZONE CPT. \u041d\u043e\u0432\u044b\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0441\u043a\u0430\u043d\u0435\u0440\u0443 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 TeamCity.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435", "creation_timestamp": "2024-03-12T11:59:15.000000Z"}, {"uuid": "278b4733-80b0-4ee5-8c57-2216f8a344da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/Dg1KyPJcWBTJ6yLO4RmOsXb18cqthGieKgxCuNJDtxLm_Xs", "content": "", "creation_timestamp": "2024-03-06T13:04:35.000000Z"}, {"uuid": "c8084d13-c9f1-4a8d-94ac-2f7bf18e62c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "Telegram/XQHWJnL4rtz2wwTs82EaD4JRdpenCZKjrs-m23qHD4IpVQ", "content": "", "creation_timestamp": "2024-03-05T05:12:55.000000Z"}, {"uuid": "5df1c5ae-8267-40ee-a51d-a28b90c35b91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/M9izqmFIqveXFjkyVZ3EYIy_pXA0iBvze5EOW7MRGLVuPVg", "content": "", "creation_timestamp": "2024-07-18T05:46:33.000000Z"}, {"uuid": "acf985d8-afa6-4f86-92dc-2fa26480928e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "Telegram/1HpJoHbGktnLHFclnifA8N-VjFDX2mD3Z5MoWrgOSA7gog", "content": "", "creation_timestamp": "2024-03-08T09:16:41.000000Z"}, {"uuid": "0bf28a96-64b2-498c-b2f2-291ec85bf55a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/3616", "content": "CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198\n\nhttps://github.com/rapid7/metasploit-framework/pull/18922\n\nCyberspace Mapping Dork:\nFofa\napp=\"JET_BRAINS-TeamCity\"\n\nZoomEye\napp:\"JetBrains TeamCity\"\n\nHunter.how\nproduct.name=\"TeamCity\"\n\nShodan\nhttp.component:\"teamcity\"\n\nRead research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-04-20T12:09:32.000000Z"}, {"uuid": "1421ff9d-26b5-41e6-82fd-322104d86d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/3613", "content": "CVE-2024-27198 \u0648 -27199: \u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0641\u064a JetBrains TeamCity\u060c \u062a\u0642\u064a\u064a\u0645 9.8 \ud83d\udd25\n\n\u062a\u0644\u0643 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0642\u062f \u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u062a\u062c\u0627\u0648\u0632 \u0641\u062d\u0648\u0635\u0627\u062a \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0623\u0630\u0648\u0646\u0627\u062a \u0625\u062f\u0627\u0631\u064a\u0629 \u0639\u0644\u0649 \u062e\u0627\u062f\u0645 TeamCity. \u062a\u0623\u062b\u0631\u062a \u062c\u0645\u064a\u0639 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u062d\u062a\u0649 2023.11.3!\n\n\u0627\u0644\u0631\u0627\u0628\u0637: [https://nt.ls/7DYva](https://nt.ls/7DYva)\n\ud83d\udc49 Dork: http.headers.set_cookie:TCSESSIONID NOT http.body:\"2023.11.3\" NOT http.body:\"2023.11.4\"\n\n\u0627\u0644\u062a\u062d\u0630\u064a\u0631 \u0627\u0644\u062e\u0627\u0635 \u0628\u0627\u0644\u0628\u0627\u0626\u0639: [https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/](https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/)", "creation_timestamp": "2024-04-20T11:46:51.000000Z"}, {"uuid": "60c2a245-14b2-4be8-b1f4-0c3a2420af9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "Telegram/ZKJLgcox9pf4VUsmeUpajLC3BHow5UVs9fz59ZjvHdo24w", "content": "", "creation_timestamp": "2024-03-20T15:21:39.000000Z"}, {"uuid": "5da6b4aa-c57a-4d41-8f47-eff623240d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/I91EOBQSMc6QgjUmUkKdNTKa6NaT2PcSSuIhzR5ia60pL0zH", "content": "", "creation_timestamp": "2024-03-06T13:25:47.000000Z"}, {"uuid": "2e70c264-5ce9-47aa-9290-3cd5c4526aec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/2301", "content": "\ud83d\udea8CVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information\n\nhttps://darkwebinformer.com/cve-2024-27198-cve-2024-27199-poc-rce-admin-account-creation-enum-users-server-information/", "creation_timestamp": "2024-08-12T16:09:21.000000Z"}, {"uuid": "5a150b69-17b1-40d2-a66a-3f182ef83661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/Hunt3rkill3rs1/73", "content": "Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4\n\nUpdated Version!", "creation_timestamp": "2024-05-02T16:40:56.000000Z"}, {"uuid": "eb8a564e-3dd2-4881-9c72-c05e0f34c5ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/Hunt3rkill3rs1/53", "content": "\u041c\u044b \u043f\u0440\u043e\u0434\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b:\n\n+ Windows LPE (CVE-2024-26169), March 2024\n\n+ Microsoft Outlook RCE (CVE-2024-21413) - private and upgraded version (added suport for unauthenticated SMTP servers)\n\n+ GlobalProtect RCE (CVE-2024-3400)\n\n+ Fortinet FortiOS RCE (CVE-2024-21762)\n\n+ ScreenConnect RCE (CVE-2024-1709)\n\n+ Ivanti Exploit (CVE-2024-21893)\n\n+ Jenkins Exploit (CVE-2024-23897)\n\n+ JetBrains RCE (CVE-2024-27198)", "creation_timestamp": "2024-05-02T02:29:37.000000Z"}, {"uuid": "bdc0d58d-328a-471c-81d6-6ff055f24867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/0QBS_Y9SIHbtweMtfzeDMak4jZBR0fhaT75HH74_tl9C6qM", "content": "", "creation_timestamp": "2024-06-23T00:33:57.000000Z"}, {"uuid": "c64da13d-5f4d-433b-a145-ac6a96d42fd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/ey3ck5CoUq83pZiLcsM9I7rhiOl6F-HASbMaBSuBfL_gqN4", "content": "", "creation_timestamp": "2024-05-02T16:41:56.000000Z"}, {"uuid": "aee6abcf-1f59-40e2-9242-02d230638481", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/I1tI3l6b8xrgMTEVhRCInb0fj1yPckRKSe-doD8aKIaUgA", "content": "", "creation_timestamp": "2024-03-09T12:31:47.000000Z"}, {"uuid": "b5ea69a2-edac-416f-9595-3283cdb0f111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/124838", "content": "", "creation_timestamp": "2024-10-10T22:20:10.000000Z"}, {"uuid": "956e27e1-56fc-49ae-864d-19395c1a655c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/hackmania_channel/3581", "content": "", "creation_timestamp": "2024-06-23T00:35:53.000000Z"}, {"uuid": "dd7ed35f-ad08-4b60-9e9a-1f8be3257080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/55T-lGDs2FZ-WKgBKdaWKbWzfkFyrCHQ3wH4n1NcvIpAM7f0", "content": "", "creation_timestamp": "2024-04-05T13:01:47.000000Z"}, {"uuid": "17820e13-b4af-42e1-b6e4-772036937318", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/67MU0eEHg4trR2vrkcTlIVenPUue1xBb4arqj9OEinsutY1t", "content": "", "creation_timestamp": "2025-01-19T09:14:13.000000Z"}, {"uuid": "805d377f-2e6d-48e5-876e-1b0fc6e3c2e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/authoritywear/36", "content": "[Bugs vs CI/CD - round 1  CVE-2024-27198]\n\n\u0412 \u0441\u0444\u0435\u0440\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \ud83d\udc8a\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u043c \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u043c \u0437\u0430\u0449\u0438\u0442\u044b\ud83d\udee1 \u0434\u0430\u043d\u043d\u044b\u0445. \n\u0418 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043c\u044b \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043e\u0434\u043d\u0443 \u0438\u0437 \u0442\u0430\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u0443\u0433\u0440\u043e\u0437\u0443 \ud83d\ude35\u0434\u043b\u044f \u043c\u043d\u043e\u0433\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439!\n\n\u0412\u00a01 \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2024\u00a0\u0433\u043e\u0434\u0430 \u0433\u0440\u0443\u043f\u043f\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Rapid7\u00a0\u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e \u0441\u0435\u0440\u0432\u0435\u0440 JetBrains TeamCity CI/CD \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0443\u044e \u0441\u043e\u0431\u043e\u0439 \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u00a0\u0432\u0435\u0431\u2011\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 TeamCity.\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024\u201327198 \u0438 \u0431\u0430\u043b\u043b CVSS \u0440\u0430\u0432\u043d\u044b\u0439 9,8\u00a0(\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439).\n\n\u0421\u0441\u044b\u043b\u043e\u0447\u043a\u0430 \u043d\u0430 \u0441\u0442\u0430\u0442\u044c\u044e - https://telegra.ph/CVE-2024-27198-06-30\n\n\u041f\u0438\u0448\u0438\u0442\u0435 \u0432\u0430\u0448\u0438 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0438, \u0441\u0442\u0430\u0432\u044c\u0442\u0435 \u043b\u0430\u0439\u043a\u0438)))\n\n\nWE ARE AUTHORITY!", "creation_timestamp": "2024-07-01T00:15:51.000000Z"}, {"uuid": "b52cb19e-aac5-402e-9f97-c35e77b9b92c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/authoritywear/55", "content": "\u041c\u044b \u043d\u0430\u0431\u0440\u0430\u043b\u0438 200 \u043b\u0443\u0447\u0448\u0438\u0445 \u043f\u043e\u0434\u043f\u0438\u0441\u0447\u0438\u043a\u043e\u0432\n\n\u0421\u043f\u0430\u0441\u0438\u0431\u043e! \u041c\u044b \u0446\u0435\u043d\u0438\u043c \u043a\u0430\u0436\u0434\u043e\u0433\u043e!\n\u0417\u0430 \u044d\u0442\u043e \u0432\u0440\u0435\u043c\u044f, \u043c\u044b \u043d\u0430\u043f\u0438\u0441\u0430\u043b\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u043e\u0441\u0442\u043e\u0432.\n\u0420\u0435\u0442\u0440\u043e\u0441\u043f\u0435\u043a\u0442\u0438\u0432\u0430.\n\u041f\u043e\u0441\u0442 \u0437\u043d\u0430\u043a\u043e\u043c\u0441\u0442\u0432\u043e\n\n\u041f\u043e\u0441\u0442\u044b \u043f\u0440\u043e \u0444\u0443\u0442\u0431\u043e\u043b\u043a\u0438:\n\u041f\u0440\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0443 \u043a \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0443\n\u041f\u0435\u0440\u0432\u044b\u0435 \u0444\u043e\u0442\u043e \u0444\u0443\u0442\u0431\u043e\u043b\u043e\u043a\n\u041f\u043e\u0441\u0442 \u043f\u0440\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0430\u0439\u0442 \u0441 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u043f\u0440\u0430\u0439\u0441\u043e\u043c\nHTB Writeups:\nHTB \u2013 [Writeup] Usage\nHTB \u2013 [Writeup] Runner\nHTB \u2013 [Writeup] BoardLigh\nHTB \u2013 [Writeup] Blurry\nHTB \u2013 [Writeup] GreenHorn\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0440\u0430\u0437\u0431\u043e\u0440\u044b:\n\u041f\u043e\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u0441\u044f \u0432 PEB. \u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u041f\u043e\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u0441\u044f \u0432 PEB. DLL Spoofing\n\u0420\u0430\u0437\u0431\u043e\u0440 CVE-2024-27198\n\u0420\u0430\u0437\u0431\u043e\u0440 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 JWT\n\u0412\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u0435 API-\u0440\u0438\u0441\u043a\u043e\u0432\n\u041d\u0435\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 DLL. \u0421\u0442\u0435\u043a \u0432\u044b\u0437\u043e\u0432\u043e\u0432 LoadLibrary\n\u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b:\n\u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u043f\u0430\u0441\u0441\u0438\u0432\u043d\u043e\u0439 \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438 \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\nemuit.  \u041f\u043b\u0430\u0433\u0438\u043d \u043a IDA \u0434\u043b\u044f \u044d\u043c\u0443\u043b\u044f\u0446\u0438\u0438 \u043a\u043e\u0434\u0430\nWID_LoadLibrary. \u041f\u0440\u0435\u043a\u0440\u0430\u0441\u043d\u044b\u0439 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439 \u0434\u043b\u044f \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 DLL\nExtreme Injector. \u0418\u043d\u0436\u0435\u043a\u0442\u043e\u0440 DLL \u043d\u0430 \u0441\u0442\u0435\u0440\u043e\u0438\u0434\u0430\u0445\nMSDOCSVIEWER. \u041f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f IDA, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044e WinAPI \u043d\u0430 \u043b\u0435\u0442\u0443 \u043f\u0440\u044f\u043c\u043e \u0432 \u0434\u0438\u0437\u0430\u0441\u0441\u0435\u043c\u0431\u043b\u0435\u0440\u0435\nIndetectables toolkit\n\n\u0414\u0440\u0443\u0433\u043e\u0435:\n\u0420\u0430\u0437\u0431\u043e\u0440 \u0442\u0430\u0441\u043a\u0430 SekaiCTF Cosmic Ray\n\u0420\u0430\u0437\u0431\u043e\u0440 \u0442\u0430\u0441\u043a\u0430 Russian CTF Cup 2023 Qualifier Spy\n\u0412\u0437\u043b\u043e\u043c \u0432\u043e \u0431\u043b\u0430\u0433\u043e \u0438\u043b\u0438 \u041e\u0445\u043e\u0442\u0430 \u0437\u0430 \u0431\u0430\u0443\u043d\u0442\u0438. \u0418\u043d\u0442\u0435\u0440\u0432\u044c\u044e \u0441 \u0431\u0430\u0433\u0445\u0430\u043d\u0442\u0435\u0440\u043e\u043c\n\u0412\u0438\u0434\u0435\u043e \u043f\u0440\u043e HTTP/3", "creation_timestamp": "2024-08-01T12:51:18.000000Z"}, {"uuid": "8401a7ed-2c14-47dc-8e86-042be1a64880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/bWp0NSy2M7_YyePSZ1XeOM2dFNXklw2PoTtQcD440xtk_sw", "content": "", "creation_timestamp": "2024-06-23T00:37:59.000000Z"}, {"uuid": "ba32f374-23d4-4787-b8f6-0fae5cade9b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/jBON16OrrewMuUPE8hTXq58BZa4jJp95YY67Sg14MJawlWov", "content": "", "creation_timestamp": "2024-12-19T18:55:38.000000Z"}, {"uuid": "1be27e2c-a4c9-444c-8ce4-3c348687f0a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/cJj7-KwxgaoAnLCu3K3QL6LOaYhBkq6JphH1tFgVlrOUGzU4", "content": "", "creation_timestamp": "2024-12-15T16:10:05.000000Z"}, {"uuid": "e2ebfd1e-fcc0-45db-9e05-a9b0f99db042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/l2ntYsd-M7m5V3lmAr6Z3YaVYas1Oi31eMKPa0Bmfr2jxUrS", "content": "", "creation_timestamp": "2024-12-12T11:37:26.000000Z"}, {"uuid": "39577967-d716-4362-bc2c-959b33ffdb05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/JKZurm0XrJfpcb0U2IU9EA16tdt3-BE_UTxGQDAuNYASzeZE", "content": "", "creation_timestamp": "2024-11-20T13:10:18.000000Z"}, {"uuid": "ad2f7a8c-7717-4f76-b615-0f0df395b15c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/1HktYVZ42I-rH0e5srveF9DOMXHLej2Hgw6NQjRkXllHUEte", "content": "", "creation_timestamp": "2024-11-18T10:30:39.000000Z"}, {"uuid": "c22fc8aa-a819-4ee6-ad91-504a8df8b0f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/pd7Y-EarkLzdzypBDJhRds-5yZZIaDUbBc9GzHrfT5AoMhSN", "content": "", "creation_timestamp": "2024-11-17T02:49:46.000000Z"}, {"uuid": "c6381a5a-cb07-4e92-bc6c-e849ba8d1359", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/WKbkqiaFgK2H5hk1BGzg344lOrJybkj23xUZGWixQGn6X1Vw", "content": "", "creation_timestamp": "2024-10-30T19:59:50.000000Z"}, {"uuid": "9bac51b0-5ff2-4182-ae88-500b954f4cae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/amhGMHOMGwVflD_NveqUsrRThV7uWC4faY83Jym9nqrpSWR9", "content": "", "creation_timestamp": "2024-10-27T08:17:13.000000Z"}, {"uuid": "02107962-7af8-4df3-a7dd-01fcea8d132d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/authoritywear/99", "content": "\u0414\u0440\u0443\u0437\u044c\u044f! \u041f\u043e\u0437\u0434\u0440\u0430\u0432\u043b\u044f\u0435\u043c \u0432\u0430\u0441 \u0441 \u043d\u0430\u0441\u0442\u0443\u043f\u0430\u044e\u0449\u0438\u043c \u041d\u043e\u0432\u044b\u043c \u0413\u043e\u0434\u043e\u043c!\n\u0412 2025 \u0433\u043e\u0434\u0443 \u0436\u0435\u043b\u0430\u0435\u043c \u0443\u0441\u043f\u0435\u0448\u043d\u044b\u0445 \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u0432 \u0438 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439. \n\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0439\u0442\u0435 \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u0438 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u043e\u0441\u0442\u0440\u0438\u0435 \u043c\u0438\u0440\u043e\u0432\u043e\u0439 \u0438\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438!\n2024 \u0433\u043e\u0434 \u0441\u0442\u0430\u043b \u0433\u043e\u0434\u043e\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f AUTHORITY.\n\u0417\u0430 8 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u044b \u0443\u0441\u043f\u0435\u043b\u0438 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043c\u043d\u043e\u0433\u043e. \u041d\u0435\u0431\u043e\u043b\u044c\u0448\u0430\u044f \u0440\u0435\u0442\u0440\u043e\u0441\u043f\u0435\u043a\u0442\u0438\u0432\u0430:\n\nHTB Writeups:\nHTB \u2013 [Writeup] Usage \nHTB \u2013 [Writeup] Runner \nHTB \u2013 [Writeup] BoardLigh \nHTB \u2013 [Writeup] Blurry \nHTB \u2013 [Writeup] GreenHorn\nHTB \u2013 [Writeup] Sightless \n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0440\u0430\u0437\u0431\u043e\u0440\u044b:\n\u041f\u043e\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u0441\u044f \u0432 PEB. \u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \n\u041f\u043e\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u0441\u044f \u0432 PEB. DLL Spoofing \n\u0420\u0430\u0437\u0431\u043e\u0440 CVE-2024-27198 \n\u0420\u0430\u0437\u0431\u043e\u0440 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 JWT \n\u0412\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u0435 API-\u0440\u0438\u0441\u043a\u043e\u0432 \n\u041d\u0435\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 DLL. \u0421\u0442\u0435\u043a \u0432\u044b\u0437\u043e\u0432\u043e\u0432 LoadLibrary \nRickroll \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e ESP32. \u0418\u043c\u0438\u0442\u0430\u0446\u0438\u044f Bluetooth-\u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u044b \nFilesystem race condition. \u041d\u0435\u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0437\u0430\u0434\u0430\u0447\u0438 \u043d\u0430 \u041a\u0443\u0431\u043a\u0435 CTF 2024 \nThread execution hijacking. \u0418\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0448\u0435\u043b\u043b-\u043a\u043e\u0434\u0430 \u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \n\n\u041f\u0435\u0440\u0435\u0432\u043e\u0434\u044b:\n\u041f\u0435\u0440\u0435\u0432\u043e\u0434 \u0441\u0442\u0430\u0442\u044c\u0438 \u00abInjecting Java in-memory payloads for post-exploitation\u00bb \n\n\u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b:\n\u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u043f\u0430\u0441\u0441\u0438\u0432\u043d\u043e\u0439 \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438 \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\nemuit.  \u041f\u043b\u0430\u0433\u0438\u043d \u043a IDA \u0434\u043b\u044f \u044d\u043c\u0443\u043b\u044f\u0446\u0438\u0438 \u043a\u043e\u0434\u0430 \nWID_LoadLibrary. \u041f\u0440\u0435\u043a\u0440\u0430\u0441\u043d\u044b\u0439 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439 \u0434\u043b\u044f \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 DLL \nExtreme Injector. \u0418\u043d\u0436\u0435\u043a\u0442\u043e\u0440 DLL \u043d\u0430 \u0441\u0442\u0435\u0440\u043e\u0438\u0434\u0430\u0445 \nMSDOCSVIEWER. \u041f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f IDA, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044e WinAPI \u043d\u0430 \u043b\u0435\u0442\u0443 \u043f\u0440\u044f\u043c\u043e \u0432 \u0434\u0438\u0437\u0430\u0441\u0441\u0435\u043c\u0431\u043b\u0435\u0440\u0435 \nIndetectables toolkit \nThemidie2. \u041f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f x64dbg \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a Themida \nPyshark+SSLKeylog \nGOSHS. HTTP-\u0441\u0435\u0440\u0432\u0435\u0440 \u043d\u0430 \u0441\u0442\u0435\u0440\u043e\u0438\u0434\u0430\u0445 \nVelociraptor. \u041f\u041e \u0434\u043b\u044f \u0444\u043e\u0440\u0435\u043d\u0437\u0438\u043a\u0438 \nSMLibrary \n\n\u0418\u043d\u0442\u0435\u0440\u0432\u044c\u044e:\n[\u0418\u043d\u0442\u0435\u0440\u0432\u044c\u044e \u0441 \u0445\u0430\u043a\u0435\u0440\u043e\u043c] \u0421\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u044b \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0441\u0434\u0430\u0447\u0438 OSCP \n[\u0418\u043d\u0442\u0435\u0440\u0432\u044c\u044e \u0441 \u0445\u0430\u043a\u0435\u0440\u043e\u043c] \u0425\u0430\u043a\u0435\u0440 \u0443 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u043e\u0441\u044c. \n[\u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432: \u0438\u043d\u0442\u0435\u0440\u0432\u044c\u044e \u0441 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u043e\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Positive Technologies] \n\u0412\u0437\u043b\u043e\u043c \u0432\u043e \u0431\u043b\u0430\u0433\u043e \u0438\u043b\u0438 \u041e\u0445\u043e\u0442\u0430 \u0437\u0430 \u0431\u0430\u0443\u043d\u0442\u0438. \u0418\u043d\u0442\u0435\u0440\u0432\u044c\u044e \u0441 \u0431\u0430\u0433\u0445\u0430\u043d\u0442\u0435\u0440\u043e\u043c \n\n\u041a\u043e\u043d\u043a\u0443\u0440\u0441\u044b:\n\u0420\u043e\u0437\u044b\u0433\u0440\u044b\u0448 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 FEFU Cybersecurity Center \n\u041d\u043e\u0432\u043e\u0433\u043e\u0434\u043d\u0438\u0439 \u0440\u043e\u0437\u044b\u0433\u0440\u044b\u0448 CyberED x FEFU Cybersecurity Center x AUTHORITY x o1d_bu7_go1d team \n\n\u0414\u0440\u0443\u0433\u043e\u0435:\n\u0420\u0430\u0437\u0431\u043e\u0440 \u0442\u0430\u0441\u043a\u0430 SekaiCTF Cosmic Ray \n\u0420\u0430\u0437\u0431\u043e\u0440 \u0442\u0430\u0441\u043a\u0430 Russian CTF Cup 2023 Qualifier Spy \n\u0412\u0438\u0434\u0435\u043e \u043f\u0440\u043e HTTP/3\n\n\u0412 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c \u0433\u043e\u0434\u0443 \u043c\u044b \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u043c \u0432\u0430\u0441 \u0440\u0430\u0434\u043e\u0432\u0430\u0442\u044c \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043e\u043c \u0438 \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430\u043c\u0438 :) \u041e\u0441\u0442\u0430\u0432\u0430\u0439\u0442\u0435\u0441\u044c \u0441 \u043d\u0430\u043c\u0438", "creation_timestamp": "2024-12-31T17:44:09.000000Z"}, {"uuid": "be5f67cb-4fb5-4fe7-8857-103c8f289630", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/KWTY-KoBxhXtB5b4fQQb3bDTp2UnANf7byjuu9SQOH7Ru9gO", "content": "", "creation_timestamp": "2024-10-18T22:47:06.000000Z"}, {"uuid": "49511eaa-cc9a-4b4a-9470-091cf0db4959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/EBFHsXLI8DStpWVs-fC-Bt5MKvlNLCO2Sh92J456dun8sKY", "content": "", "creation_timestamp": "2024-07-18T05:47:15.000000Z"}, {"uuid": "96b3c0c6-e0a8-4db1-87d1-fb5b62723240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/1088", "content": "\ud83d\udc49CVE-2024-27198 & CVE-2024-27199 : JetBrains TeamCity < 2023.11.4\u00a0 - Authentication Bypass To Remote Code Execution\nPOC : https://github.com/W01fh4cker/CVE-2024-27198-RCE", "creation_timestamp": "2024-03-08T23:16:21.000000Z"}, {"uuid": "647d22d2-553f-4c94-8d7e-7c2052c27684", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/4260", "content": "The Hacker News\nTeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks\n\nMultiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT.\nThe attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative", "creation_timestamp": "2024-03-20T15:21:36.000000Z"}, {"uuid": "490e92c5-335d-4c0d-ade7-1c1ccd69e371", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/team_scf_pk/1261", "content": "CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198\n\nhttps://github.com/rapid7/metasploit-framework/pull/18922\n\nCyberspace Mapping Dork:\nFofa\napp=\"JET_BRAINS-TeamCity\"\n\nZoomEye\napp:\"JetBrains TeamCity\"\n\nHunter.how\nproduct.name=\"TeamCity\"\n\nShodan\nhttp.component:\"teamcity\"\n\nRead research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/\n\nFor More Content Join Us\ud83d\ude09\ud83d\udc80:\n@TEAM_SCF_PK", "creation_timestamp": "2024-03-09T07:56:56.000000Z"}, {"uuid": "ba891466-0e64-4bd9-bcf2-7533f8843e60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "Telegram/E3iST3lZwZOutaoSgFfuoZ6eFjpwUIDeSKbyxLV2xONR5Q", "content": "", "creation_timestamp": "2024-05-02T02:23:05.000000Z"}, {"uuid": "b23a8f8f-543d-48e8-8ce2-de11d503c75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/leakedbigdata/4182", "content": "", "creation_timestamp": "2024-07-04T20:11:54.000000Z"}, {"uuid": "2dfb2ac3-77bc-4590-9231-a1fa12bd8171", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/233", "content": "\u0414\u0430\u0432\u043d\u043e \u0443\u0436\u0435 \u043c\u044b \u043d\u0435 \u043e\u0431\u0441\u0443\u0436\u0434\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0443 \u043d\u0430\u0441 \u0441\u0432\u0435\u0436\u0435\u043d\u044c\u043a\u0430\u044f RCE - CVE-2024-27198 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=9.8) \u0438 path traversal - CVE-2024-27199 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=7.3) \u0432 TeamCity CI/CD \u043e\u0442 JetBrains\n\n\u0414\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f TeamCity CI/CD \u0432 \u0446\u0435\u043b\u043e\u043c \u0443\u0436\u0435 \u043f\u043e\u043d\u044f\u0442\u043d\u043e \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u043d\u043e \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u044b \u0434\u0435\u0442\u0430\u043b\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0435\u0434\u0438\u0441\u043b\u043e\u0432\u0438\u044f, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u044b\u0439 \u043e\u0431\u0437\u043e\u0440 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u0432 \u044d\u0442\u043e\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438.\n\n\u041f\u043e\u0437\u0430\u0432\u0447\u0435\u0440\u0430 \u0432 \u0431\u043b\u043e\u0433\u0435 Rapid7 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2024-27198 - \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043b\u043e\u0433\u0438\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u043a\u043b\u0430\u0441\u0441\u0430 jetbrains.buildServer.controllers.BaseController \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 web-openapi.jar. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043a\u0438 \u0438\u043b\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f access token \u0434\u043b\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 c  \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441\u0430 jsp=/app/rest/users;.jsp\n\ncurl -ik http://target.com/hax?jsp=/app/rest/users;.jsp -X POST -H \"Content-Type: application/json\" --data \"{\\\"username\\\": \\\"haxor\\\", \\\"password\\\": \\\"haxor\\\", \\\"email\\\": \\\"haxor\\\", \\\"roles\\\": {\\\"role\\\": [{\\\"roleId\\\": \\\"SYSTEM_ADMIN\\\", \\\"scope\\\": \\\"g\\\"}]}}\"\n\nCVE-2024-27199 - \u0442\u043e\u0436\u0435 \u043f\u0440\u043e \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u043c \u0440\u0443\u0447\u043a\u0430\u043c /res, /update, /.well-known/acme-challenge. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 path traversal \u043a \u044d\u0442\u0438\u043c \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430\u043c, \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 /res/../admin/diagnostic.jsp \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e. \u0410 /res/../app/https/settings/uploadCertificate \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c tls \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 https \u043f\u043e\u0440\u0442 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 /res/../app/https/settings/setPort. \n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0440\u0443\u0447\u0435\u043a \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0430\u0432\u0442\u043e\u0440\u043e\u0432.\n\n\u2699\ufe0f POC: https://github.com/yoryio/CVE-2024-27198, \u043c\u043e\u0434\u0443\u043b\u044c metasploit https://github.com/rapid7/metasploit-framework/pull/18922\n\ud83d\udd0e Sigma \u043f\u0440\u0430\u0432\u0438\u043b\u0430: https://github.com/rapid7/Rapid7-Labs/blob/main/Sigma/path_traversal_attacks_CVE_2024_27199.yml\n\ud83e\udeb2 \u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e: TeamCity \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\u2705 \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\n#TeamCity #RCE #CVE-2024-27198", "creation_timestamp": "2024-03-25T19:29:32.000000Z"}, {"uuid": "e20f7d22-b3f1-446f-8edd-6ec5e5739370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "Telegram/yoNNgIU2JU4zwFL5vXqVgP00V9P0beeHjRLaro8CHcaWRn8", "content": "", "creation_timestamp": "2024-05-02T02:23:04.000000Z"}, {"uuid": "7bfa2755-bb10-4e88-973d-e2c283d558e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/arpsyndicate/4114", "content": "#ExploitObserverAlert\n\nCVE-2024-27198\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-27198. In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-06T04:40:14.000000Z"}, {"uuid": "7e75ebb8-499f-4a16-bd29-7153f51ff1ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/9By2iy6xD3MbGGv6FQtkQP6H1sAOhMLJt4LGV1X71Ca1rj4I", "content": "", "creation_timestamp": "2025-01-19T09:14:14.000000Z"}, {"uuid": "e578b49f-8d37-471e-9446-fcfc7e90d398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/arpsyndicate/4126", "content": "#ExploitObserverAlert\n\nPD/http/cves/2024/CVE-2024-27198\n\nDESCRIPTION: Exploit Observer has 69 entries in 7 file formats related to PD/http/cves/2024/CVE-2024-27198. In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible", "creation_timestamp": "2024-03-07T08:23:53.000000Z"}, {"uuid": "96db12b5-4c81-424d-8406-af132a81f547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/k1xKwv9yaYLzFkxRwEhd2btj7FrimRHw3PaSRwr4O2ef4WMI", "content": "", "creation_timestamp": "2024-11-20T13:10:14.000000Z"}, {"uuid": "2283dfad-1544-47ec-a82f-22b1bcb739df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/4mrNUna1QoTNmttWDwTK-kLh1vLF8P3ga-9-YaO4CC-dmP0", "content": "", "creation_timestamp": "2024-07-18T05:47:16.000000Z"}, {"uuid": "82b2f68e-8f10-4503-b475-8336d4b422d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/WpTdmCNqsquZs8iHyDG007ygUq6SH5oZqyWm_m-HMjWxuR4", "content": "", "creation_timestamp": "2024-06-23T00:38:01.000000Z"}, {"uuid": "6d030405-8711-4a9b-a818-119daeeadd99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/M4XxoPZH_OC8XYextgdR5WxkKovcXLI8ACZKEmDXR_uksiLa", "content": "", "creation_timestamp": "2024-11-18T10:30:40.000000Z"}, {"uuid": "826a7cd2-9629-45a6-92fd-e9c44aaf1f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/ZDy09NHiX0fClDlB2iVlAT1hZ50A71Pj2xXFWEv4SERIt71X", "content": "", "creation_timestamp": "2024-11-17T02:49:42.000000Z"}, {"uuid": "705a0144-ba94-435e-a2ec-1b8a122e0416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/LVScKC3di6LHfG4zxdCL0SJM2ygcnfmCxYS_FrlhJaD38i8", "content": "", "creation_timestamp": "2024-10-10T22:20:05.000000Z"}, {"uuid": "3b577b3c-07e1-43fc-a3b2-b20645b5af0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/IM2nGlAHX0vMtDC98VVlALzJAp-dM0fPIzYKPT78gtA1vqs", "content": "", "creation_timestamp": "2024-10-18T22:47:07.000000Z"}, {"uuid": "7c3247d1-b824-4f39-b081-c162f8313b3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/G9aLh7Nd1VvKjXAoyzWOfpxEdEWrtzbjPmsOpxwLV_touf8", "content": "", "creation_timestamp": "2024-10-10T12:29:43.000000Z"}, {"uuid": "a0170938-cade-4b23-b800-793577d5d27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/kVkSfFgRStVYBrsu57V28xCcp3uZtW1SgX0C-n4KU8WReuMU", "content": "", "creation_timestamp": "2025-01-18T21:25:03.000000Z"}, {"uuid": "828a05b0-f9c1-4952-9cbc-f6c4cc5b20cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/fF2HfX9WumbK8LYxUz1MEpK_tn-RoJUNQ_EWzv7xEc6_93aU", "content": "", "creation_timestamp": "2024-12-19T18:55:35.000000Z"}, {"uuid": "2437935d-d9ac-4523-8e1d-f2a250e7ee2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/0br9jeqr6ZQpdCSmtNLQ9suYBnsZo0KBvdM_iT-4xbQfu7mM", "content": "", "creation_timestamp": "2024-12-15T16:10:01.000000Z"}, {"uuid": "3c59a97e-fc19-4195-b16b-b6ac6fc517fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "Telegram/UyzWHFMwHn6vZu6F1KhrpNTCOZgoQIwQhB81uKZxocK0og", "content": "", "creation_timestamp": "2024-03-08T09:52:07.000000Z"}, {"uuid": "87e24295-c14a-4267-bd26-09b24db36ada", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/vssaZesb9JlTqbPCy9MbmGWuVHpA3TwRqRv8VMYZwumw5SlO", "content": "", "creation_timestamp": "2024-12-12T11:37:21.000000Z"}, {"uuid": "33b7fb0d-a4a3-43bf-93db-3469ea3e06c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/0bT2lalHclipV73h9JrlZr1w2SjlXFyfb1Ok-KNTlMHg8-tQ", "content": "", "creation_timestamp": "2024-10-30T19:59:50.000000Z"}, {"uuid": "5a17a148-e903-4930-bc90-13fdd372c787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/RMSa-KtajjpgIZIjxj2rupS8PYArB841O2vZ8RAN3_4gdemP", "content": "", "creation_timestamp": "2024-10-27T08:17:14.000000Z"}, {"uuid": "67c969ad-0a97-47e0-9b70-d097603555f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "Telegram/trGEwAn-mXHp7pkuxQfko9XPGzwWF72duLSxcOH5noXyFw", "content": "", "creation_timestamp": "2024-03-05T05:02:25.000000Z"}, {"uuid": "6870e59f-aeec-4a8f-88ab-4f23153507c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/XskWjCXqDfqF1zHZq5WkWQKLqRSklPr074Wv4WYmvXUudDgA", "content": "", "creation_timestamp": "2025-01-13T00:29:07.000000Z"}, {"uuid": "2870d3fd-18de-4160-a487-d2227f6e8666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/NkDUBME00IXbL4UOwi2jgxNhfr4bDsZK1Iz07-CuOtOObpWQ", "content": "", "creation_timestamp": "2025-01-06T13:55:51.000000Z"}, {"uuid": "c78728e6-1418-4d53-9330-72a0ea5e789a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/cmmSytT_v2gVgjLViXiSWn89MLBjcNS4runqt0UVGMUtteg", "content": "", "creation_timestamp": "2025-01-22T04:00:06.000000Z"}, {"uuid": "7074c235-c798-4e5d-a18e-79ff2dcdab1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/39191", "content": "", "creation_timestamp": "2024-06-23T00:33:53.000000Z"}, {"uuid": "2c0a8a28-3c91-497a-9351-06bc098e9e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/731", "content": "The Hacker News\nTeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks\n\nMultiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT.\nThe attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative", "creation_timestamp": "2024-03-20T15:21:36.000000Z"}, {"uuid": "c59d3e6c-90cd-4761-a903-bf803598d138", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/KomunitiSiber/1658", "content": "TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks\nhttps://thehackernews.com/2024/03/teamcity-flaw-leads-to-surge-in.html\n\nMultiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT.\nThe attacks entail the exploitation of\u00a0CVE-2024-27198\u00a0(CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative", "creation_timestamp": "2024-03-20T13:19:00.000000Z"}, {"uuid": "6db7c8d5-b91b-4f55-bf2d-395a6a300558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/KomunitiSiber/1583", "content": "Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers\nhttps://thehackernews.com/2024/03/critical-jetbrains-teamcity-on-premises.html\n\nA new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.\nThe flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.\n\u201cThe", "creation_timestamp": "2024-03-05T04:46:50.000000Z"}, {"uuid": "3eb87ea2-7213-4fa6-8834-54948b460e0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/24800", "content": "Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4\n\nUpdated Version!", "creation_timestamp": "2024-05-02T16:41:56.000000Z"}, {"uuid": "eb1db346-bc82-425e-9ded-910c8df2e49b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "Telegram/k4cNZQPCckwX3NtiMvkfv7VzLINKb32JWMCymMZZvPEbuw", "content": "", "creation_timestamp": "2024-03-20T13:20:14.000000Z"}, {"uuid": "47c66920-08f1-4710-97bd-aff739239788", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/lordofficials2/2369", "content": "\ud83d\udc49CVE-2024-27198 & CVE-2024-27199 : JetBrains TeamCity < 2023.11.4\u00a0 - Authentication Bypass To Remote Code Execution\nPOC : https://github.com/W01fh4cker/CVE-2024-27198-RCE", "creation_timestamp": "2024-08-16T12:43:48.000000Z"}, {"uuid": "9d869f1d-d6f5-4944-8f60-1b6d79202f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/XbRNI1kaXwW4TgjMUMujM2At_0BNyF7OK3JbKb0H5-U7Pw", "content": "", "creation_timestamp": "2024-05-02T16:41:26.000000Z"}, {"uuid": "492d3b80-891c-4f71-9acb-0d08bb44fb39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "Telegram/MJSg8Sv1s6244nb3DVYWZm8Rju6lGyMlDeVM6a0Y3fvmnw", "content": "", "creation_timestamp": "2024-05-02T02:23:05.000000Z"}, {"uuid": "594461cb-ec7c-4777-8ef0-e8df427a9d2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/KomunitiSiber/1604", "content": "CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability\nhttps://thehackernews.com/2024/03/cisa-warns-of-actively-exploited.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday\u00a0added\u00a0a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.\nThe vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a\u00a0complete", "creation_timestamp": "2024-03-08T08:37:38.000000Z"}, {"uuid": "b5c3cf12-06c0-4df6-9439-d42b43527635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/nI_HHfqlj-sEWky76mAClMkij5981NJZBkB3IA4Y0jELJ_s", "content": "", "creation_timestamp": "2024-04-19T20:48:56.000000Z"}, {"uuid": "0cf2b87b-3aee-4aec-8df8-96f70ab86dcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1929", "content": "CVE-2024-27198\n\u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0432 JetBrains TeamCity Server\n*\n\n#jets", "creation_timestamp": "2024-03-05T15:09:17.000000Z"}, {"uuid": "7f32bb94-377d-4f73-b74f-a3b180347cdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3952", "content": "CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198\n\nhttps://github.com/rapid7/metasploit-framework/pull/18922\n\nCyberspace Mapping Dork:\nFofa\napp=\"JET_BRAINS-TeamCity\"\n\nZoomEye\napp:\"JetBrains TeamCity\"\n\nHunter.how\nproduct.name=\"TeamCity\"\n\nShodan\nhttp.component:\"teamcity\"\n\nRead research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-09T05:14:44.000000Z"}, {"uuid": "5cc3d2e0-ee0e-48ea-9fad-90770ae67c93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5611", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u042d\u0432\u0430\u043d \u0418\u043a\u0435\u0434\u0430 \u0443\u043c\u0435\u043b\u043e \u0440\u0430\u0441\u0447\u0435\u0445\u043b\u0438\u043b \u0432\u0435\u0431-\u043f\u0430\u043d\u0435\u043b\u044c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f Jasmin (\u0432\u0435\u0440\u0441\u0438\u0438 1.1\u00a0), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432 \u0432 \u043d\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u043f\u0435\u0440\u0435\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-30851 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0434\u0435\u0430\u043d\u043e\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043f\u0430\u043d\u0435\u043b\u0438 \u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u044c \u043a\u043b\u044e\u0447\u0438 \u0434\u0435\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0447\u0442\u043e \u0431\u044b\u043b\u043e \u0432\u0435\u0441\u044c\u043c\u0430 \u043a\u0441\u0442\u0430\u0442\u0438 \u0434\u043b\u044f \u0436\u0435\u0440\u0442\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 ransomware-\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 TeamCity (CVE-2024-27198, CVE-2024-27199).\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043d\u0430 github, \u0433\u0434\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u0442\u0430\u043a\u0436\u0435 CVE-2024-30850, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0434\u0440\u0443\u0433\u0443\u044e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u0443\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u041f\u041e Chaos RAT.\n\n\u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0438\u043c\u0435\u0435\u0442 2,2 \u0442\u044b\u0441\u044f\u0447\u0438 \u0437\u0432\u0435\u0437\u0434 \u043d\u0430 github \u0438 \u043f\u043e\u043f\u0430\u0434\u0430\u043b \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f TrendMicro \u0432 \u043a\u043e\u043d\u0446\u0435 2022 \u0433\u043e\u0434\u0430 \u0432 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445 \u043f\u043e \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0443.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442 \u0418\u043a\u0435\u0434\u0430, \u043a\u043e\u043c\u0431\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c XSS+RCE \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Chaos RAT \u0438 \u0440\u0438\u043a\u0440\u043e\u043b\u043b\u0438\u043d\u0433\u0430 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432 RAT-\u043f\u0430\u043d\u0435\u043b\u0435\u0439. PoC \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d.\n\n\u041e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u041f\u041e \u0443\u0436\u0435 \u043f\u043e\u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u0438\u043b\u0438 \u0441\u043e\u0437\u043d\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0437\u0430 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f 2 \u043d\u0435\u0434\u0435\u043b\u0438 \u043d\u0430\u0437\u0430\u0434 (\u0448\u0443\u0442\u043a\u0430).", "creation_timestamp": "2024-04-08T15:48:19.000000Z"}, {"uuid": "32cb382f-3912-422c-9807-dda7096605fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/cybersecs/2761", "content": "#CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> #RCE in #JetBrains #TeamCity #exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198", "creation_timestamp": "2024-03-10T23:09:13.000000Z"}, {"uuid": "3a355956-d50f-4e13-8212-e55a685ff39a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/true_secator/5497", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u044c\u044e\u0442 \u0442\u0440\u0435\u0432\u043e\u0433\u0443, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044f \u043e \u043d\u0430\u0447\u0430\u0432\u0448\u0435\u0439\u0441\u044f \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 TeamCity On-Premises \u043e\u0442 JetBrains. \n\nCVE-2024-27198 \u0441 CVSS 9,8 \u0438\u0437 10 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 TeamCity \u0434\u043e\u00a02023.11.4 \u0438 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u043c \u0432 \u043f\u043e\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u0438\u043a, \u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0435 \u0441\u043f\u0435\u0448\u0430\u0442 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0435, \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u043d\u043e\u0439 LeakIX, \u0431\u043e\u043b\u0435\u0435 1700 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 TeamCity \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u043c\u0438.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0445\u043e\u0441\u0442\u043e\u0432 \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442\u0441\u044f \u0432 \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u0438, \u0421\u0428\u0410 \u0438 \u0420\u043e\u0441\u0441\u0438\u0438, \u0437\u0430 \u043d\u0438\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u041a\u0438\u0442\u0430\u0439, \u041d\u0438\u0434\u0435\u0440\u043b\u0430\u043d\u0434\u044b \u0438 \u0424\u0440\u0430\u043d\u0446\u0438\u044f.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c, \u0447\u0442\u043e \u0432\u0430\u0436\u043d\u043e, \u0438\u0437 \u043d\u0438\u0445 LeakIX \u0432\u044b\u0434\u0435\u043b\u044f\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 1440 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0436\u0435 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u044b \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438. \u041d\u0430 \u043d\u0438\u0445 \u0441\u043e\u0437\u0434\u0430\u043d\u043e \u043e\u0442 3 \u0434\u043e 300 \u0441\u043e\u0442\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0430 \u0448\u0430\u0431\u043b\u043e\u043d \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0439 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u00a08 \u0431\u0443\u043a\u0432\u0435\u043d\u043d\u043e-\u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0445 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432.\n\n\u0412\u044b\u0432\u043e\u0434\u044b LeakIX \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442 \u0438 \u0432 GreyNoise, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 5 \u043c\u0430\u0440\u0442\u0430 \u0440\u0435\u0437\u043a\u043e\u0435 \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2024-27198.\n\n\u041f\u043e \u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u043c, \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0438\u0437 \u0445\u043e\u0441\u0442\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b DigitalOcean \u0432 \u0421\u0428\u0410.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b LeakIX, \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b TeamCity \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u043e\u0431\u043e\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u041f\u041e, \u0447\u0442\u043e \u0437\u043d\u0430\u043c\u0435\u043d\u0443\u0435\u0442 \u043d\u0430\u0447\u0430\u043b\u0430 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n\u0421\u0432\u043e\u044e \u043e\u0437\u0430\u0431\u043e\u0447\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u0440\u0430\u0437\u0438\u043b\u0430 \u0438 Rapid7, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u0438\u0437\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 TeamCity \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0432\u0441\u0435\u043c\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438, \u0441\u0431\u043e\u0440\u043a\u0430\u043c\u0438, \u0430\u0433\u0435\u043d\u0442\u0430\u043c\u0438 \u0438 \u0430\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u0430\u043c\u0438 \u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0434\u0445\u043e\u0434\u044f\u0449\u0438\u043c \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043c\u0430\u0441\u0441\u043e\u0432\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u044b \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u043b\u0438, \u0443\u0436\u0435 \u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0442\u0430\u0434\u0438\u0438, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 TeamCity \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u0441\u0440\u043e\u0447\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0432\u043e\u0438\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432.", "creation_timestamp": "2024-03-07T11:17:11.000000Z"}, {"uuid": "5d32fcb2-3058-4f01-a491-d619af58b9e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/dmlUdttQQSrR0yBitHq7STX6jC2WOzDEVKbtIZ7c9hv8Toc", "content": "", "creation_timestamp": "2024-03-31T08:03:11.000000Z"}, {"uuid": "79869a69-48c3-4235-a791-c498b7071278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/CyberSecurityIL/39669", "content": "\u05e2\u05d5\u05e9\u05d9\u05dd \u05e9\u05d9\u05de\u05d5\u05e9 \u05d1\u05de\u05d5\u05e6\u05e8 Teamcity \u05e9\u05dc \u05d7\u05d1\u05e8\u05ea Jetbrains? \u05d7\u05d5\u05dc\u05e9\u05d4 \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05de\u05e0\u05d5\u05e6\u05dc\u05ea \u05d1\u05e4\u05d5\u05e2\u05dc \u05e2\u05dc \u05d9\u05d3\u05d9 \u05ea\u05d5\u05e7\u05e4\u05d9\u05dd, \u05e8\u05d5\u05e6\u05d5 \u05dc\u05e2\u05d3\u05db\u05df.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 CVE-2024-27198, \u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05ea\u05d5\u05e7\u05e3 \u05dc\u05d4\u05e9\u05d9\u05d2 \u05e9\u05dc\u05d9\u05d8\u05d4 \u05de\u05dc\u05d0\u05d4 \u05e2\u05dc \u05d4\u05e9\u05e8\u05ea \u05de\u05d1\u05dc\u05d9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05ea\u05d4\u05dc\u05d9\u05da \u05d4\u05d6\u05d3\u05d4\u05d5\u05ea.\n\u05d7\u05d1\u05e8\u05ea Jetbrains \u05e4\u05d9\u05e8\u05e1\u05de\u05d4 \u05e2\u05d3\u05db\u05d5\u05df \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 - \u05e4\u05e8\u05d8\u05d9\u05dd \u05db\u05d0\u05df\n\n\u26d4 \u05e9\u05d9\u05de\u05d5 \u05dc\u05d1, \u05e7\u05d9\u05d1\u05dc\u05ea\u05d9 \u05d3\u05d9\u05d5\u05d5\u05d7\u05d9\u05dd \u05e2\u05dc \u05db\u05da \u05e9\u05e7\u05d1\u05d5\u05e6\u05ea \u05ea\u05e7\u05d9\u05e4\u05d4 \u05d4\u05e4\u05d5\u05e2\u05dc\u05ea \u05d1\u05d0\u05d5\u05e4\u05df \u05de\u05de\u05d5\u05e7\u05d3 \u05db\u05e0\u05d2\u05d3 \u05d0\u05e8\u05d2\u05d5\u05e0\u05d9\u05dd \u05d1\u05d9\u05e9\u05e8\u05d0\u05dc \u05de\u05e0\u05e6\u05dc\u05ea \u05d0\u05ea \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea. \u05d0\u05dd \u05d0\u05ea\u05dd \u05e2\u05d5\u05e9\u05d9\u05dd \u05e9\u05d9\u05de\u05d5\u05e9 \u05d1\u05de\u05d5\u05e6\u05e8 \u05d0\u05e0\u05d9 \u05de\u05e6\u05d9\u05e2 \u05dc\u05e2\u05d3\u05db\u05df \u05d1\u05de\u05d9\u05d9\u05d3\u05d9 \u05d5\u05dc\u05e2\u05e9\u05d5\u05ea \u05d1\u05d3\u05d9\u05e7\u05d4 \u05e9\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05dc\u05d0 \u05e0\u05d5\u05e6\u05dc\u05d4, \u05d1\u05e9\u05dc\u05d1 \u05e8\u05d0\u05e9\u05d5\u05df - \u05dc\u05d1\u05d3\u05d5\u05e7 \u05e9\u05dc\u05d0 \u05e0\u05d5\u05e6\u05e8\u05d5 \u05d1\u05de\u05e2\u05e8\u05db\u05ea \u05de\u05e9\u05ea\u05de\u05e9\u05d9\u05dd \u05d7\u05d3\u05e9\u05d9\u05dd \u05e2\u05dd \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05e0\u05d9\u05d4\u05d5\u05dc.\n\nhttps://t.me/CyberSecurityIL/4752\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea #\u05d9\u05e9\u05e8\u05d0\u05dc", "creation_timestamp": "2024-03-05T09:15:57.000000Z"}, {"uuid": "9d8a64d5-a987-4823-b4d6-bb24607ba590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6143", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Solar 4RAYS \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u044e\u0442 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0441 \u043f\u0440\u043e\u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u043c\u0438 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u043c \u0443\u0433\u0440\u043e\u0437 \u0434\u043b\u044f \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c, \u043a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044e\u0442\u0441\u044f \u0442\u0440\u0438 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0430\u0445 \u0437\u0430\u0449\u0438\u0442\u044b \u0418\u0422-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e:\n\n- \u043d\u0435\u0441\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0431\u0440\u0435\u0448\u0435\u0439, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0432 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u043e\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u041f\u041e;\n- \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a\u043e\u0432 \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439;\n- \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0449\u0438\u0435\u0441\u044f \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0438 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0432\u0438\u0434\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430 \u0446\u0435\u043b\u0435\u0432\u044b\u043c\u0438 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0441\u0442\u043e\u044f\u0442 \u043f\u0440\u043e\u0444\u0435\u0441\u0441\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435, \u043d\u043e \u0434\u0430\u0436\u0435 \u043e\u043d\u0438 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043d\u044b\u0435 \u0430\u0441\u043f\u0435\u043a\u0442\u044b \u0432 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u043e\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u041f\u041e, \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044f \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f Windows \u0441 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c\u0438 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432, \u043e\u0442 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0435\u0449\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u043e\u0438\u0442 \u043d\u0430\u0439\u0442\u0438 \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u0437\u0430\u0449\u0438\u0442\u044b.\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0438 \u043f\u043e\u0432\u0440\u0435\u0434\u0438\u043b\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 ESXI.\n\n\u0424\u0438\u043d\u0430\u043b \u0430\u0442\u0430\u043a\u0438 \u043f\u0440\u0438\u0448\u0435\u043b\u0441\u044f \u043d\u0430 \u043c\u0430\u0439, \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u043e\u043d\u0438\u043a\u043b\u0438 \u0435\u0449\u0435 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u0440\u0442\u0430.\n\n\u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u0430 \u043f\u043e\u0441\u043b\u0443\u0436\u0438\u043b\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0439 TeamCity \u0441 CVE-2024-27198, \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0432\u0448\u0430\u044f \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d.\n\n\u0420\u0430\u0437\u0432\u0438\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0443, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 Team City, \u043f\u0435\u0440\u0435\u043c\u0435\u0441\u0442\u0438\u0432\u0448\u0438\u0441\u044c \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c \u0434\u043b\u044f \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u041e\u043d\u0430 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u043b\u0430 \u0438\u043c \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443 \u0441\u0435\u0442\u0438 \u0438 \u0441\u0431\u043e\u0440 \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043b\u043e\u0433\u0438\u043d\u044b \u0438 \u043f\u0430\u0440\u043e\u043b\u0438 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0432\u0438\u0434\u0435.\n\n\u0422\u0430\u043a\u0436\u0435 \u0441 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u043b\u043e\u0441\u044c \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u0432 \u043d\u0430 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0436\u0435\u0440\u0442\u0432\u044b \u043f\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0443 RDP, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438 \u043a\u043b\u044e\u0447\u0435\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u043b\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0443 \u0434\u043e\u043c\u0435\u043d\u0430.\n\n\u0412 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0441\u0447\u0435\u0442\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443.\n\n\u0412\u043e \u0432\u0442\u043e\u0440\u043e\u0439 \u0430\u0442\u0430\u043a\u0435, \u043d\u0430\u0447\u0430\u0432\u0448\u0435\u0439\u0441\u044f \u0432 \u043a\u043e\u043d\u0446\u0435 \u0430\u043f\u0440\u0435\u043b\u044f, \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0432\u0440\u0435\u0434\u0438\u043b\u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u0438 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u0438 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\u00a0\n\n\u0410\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u044b, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0432 \u0445\u043e\u0434\u0435 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430, \u043d\u0430\u043f\u043e\u043c\u043d\u0438\u043b\u0438 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 Morbid Trickster (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a Morlock), \u0430 \u043f\u043e \u0438\u0442\u043e\u0433\u0430\u043c \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0432\u0441\u0451 \u0435\u0449\u0451 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0434\u0430\u043d\u043d\u044b\u0445, \u0447\u0442\u043e\u0431\u044b \u043e\u0442\u043d\u0435\u0441\u0442\u0438 \u0435\u0435 \u043a \u043a\u0430\u043a\u043e\u0439-\u0442\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043d\u0430\u043c \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435.\n\n\u041e\u0441\u043d\u043e\u0432\u044b\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u0442\u0438\u043b\u0438\u0442, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Lockbit, Anydesk, gs-netcat, chisel, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u043e\u043c\u0443 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044e \u0443\u0442\u0438\u043b\u0438\u0442 (kis.exe, kas.exe, mim.exe) \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u0437\u0430 \u0434\u0432\u0443\u043c\u044f \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0441\u0442\u043e\u044f\u0442 \u043f\u0440\u043e\u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0434\u0432\u0443\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0441 \u0445\u0440\u043e\u043d\u043e\u043b\u043e\u0433\u0438\u0435\u0439, \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u043e\u0439 \u043f\u043e \u0412\u041f\u041e, IOCs \u0438 MITRE - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2024-08-28T18:00:06.000000Z"}, {"uuid": "df977f56-5b9d-413d-83ce-13aa50a5b55a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5486", "content": "\u0411\u0443\u0440\u044e \u043d\u0435\u0433\u043e\u0434\u043e\u0432\u0430\u043d\u0438\u0439 \u0438 \u043a\u0440\u0438\u0442\u0438\u043a\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 JetBrains \u043e\u0442 \u0438\u043d\u0444\u043e\u0441\u0435\u043a-\u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0430 \u0437\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u043d\u0435\u0441\u043a\u043e\u043e\u0440\u0434\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 TeamCity, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u043c \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Rapid7 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u041e\u0431\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c TeamCity On-Premises CI/CD \u0438 \u0432\u043b\u0438\u044f\u044e\u0442 \u043d\u0430 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a \u0434\u043e 2023.11.3.\n\n\u0421\u0430\u043c\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0430\u044f \u0438\u0437 \u043d\u0438\u0445 - CVE-2024-27198 (CVSS 9,8), \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0441 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438.\n\n\u041a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 TeamCity \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0432\u0441\u0435\u043c\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438, \u0441\u0431\u043e\u0440\u043a\u0430\u043c\u0438, \u0430\u0433\u0435\u043d\u0442\u0430\u043c\u0438 \u0438 \u0430\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u0430\u043c\u0438 \u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0434\u0445\u043e\u0434\u044f\u0449\u0438\u043c \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n \n\u0414\u0440\u0443\u0433\u0430\u044f CVE-2024-27199 (CVSS 7.3), \u0445\u043e\u0442\u044f \u0438 \u043c\u0435\u043d\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f, - \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0432 \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 TeamCity, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0438 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u0436\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0442\u0438\u043f\u0430 DoS \u0438\u043b\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u043d\u0438\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u0438\u0445 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c MiTM.\n\nJetBrains \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043d\u043e\u0432\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e TeamCity 2023.11.4, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0432 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u0437\u0436\u0435 \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u043c\u00a0\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 \u0443 \u0441\u0435\u0431\u044f \u0432 \u0431\u043b\u043e\u0433\u0435\u00a0\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u0441\u0435 \u0436\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Rapid7 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u043e\u0437\u0434\u0430\u0432 PoC, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435 (\u0441\u0435\u0430\u043d\u0441 Meterpreter) \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 TeamCity.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Rapid7 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043f\u043e\u043b\u043d\u043e\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u043e\u044f\u0441\u043d\u0435\u043d\u0438\u0435 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0447\u0438\u043d \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u043f\u0438\u0441\u0430\u0432, \u043a\u0430\u043a \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0433\u043e \u0442\u043e\u043a\u0435\u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4.\n\n\u0415\u0441\u043b\u0438 \u044d\u0442\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043f\u043b\u0430\u0433\u0438\u043d \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f\u00a0TeamCity 2018.2 \u0438 \u043d\u043e\u0432\u0435\u0435, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f TeamCity 2018.1 \u0438 \u0441\u0442\u0430\u0440\u0448\u0435.\n\n\u041f\u043e\u043a\u0430 \u0436\u0435 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u0442\u0441\u044f, \u043d\u043e \u044d\u0442\u043e \u043b\u0438\u0448\u044c \u0434\u0435\u043b\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438. \u0411\u0435\u0437\u0443\u0441\u043b\u043e\u0432\u043d\u043e, \u0445\u0430\u043a\u0435\u0440\u044b \u043d\u0435 \u0443\u043f\u0443\u0441\u0442\u044f\u0442 \u0438\u0437 \u0432\u0438\u0434\u0443 \u0442\u0430\u043a\u0443\u044e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a (\u043c\u0443\u0434\u0430\u043a\u043e\u0432).", "creation_timestamp": "2024-03-05T10:46:12.000000Z"}, {"uuid": "03741ee0-da86-4640-a8ec-8bf04cd45070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/true_secator/5511", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 TeamCity JetBrains \u0442\u0435\u043f\u0435\u0440\u044c \u0432 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0435 ransomware-\u0431\u0430\u043d\u0434.\n\n\u041a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b, \u0437\u0430 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u0441\u0442\u043e\u044f\u043b\u0438 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b BianLian, \u0443\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0441\u0432\u043e\u0438\u043c\u0438 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u041a\u0418\u0418.\n\n\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 CVE-2024-27198 \u0438 CVE-2024-27199 \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c. \n\n\u0412\u0441\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0431\u044b \u043e\u0431\u043e\u0448\u043b\u043e\u0441\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0432 JetBrains \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0438 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 4 \u043c\u0430\u0440\u0442\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Rapid7 \u043f\u0440\u043e\u0438\u0437\u0432\u0435\u043b\u0438 \u0432\u044b\u0441\u0442\u0440\u0435\u043b \u0432 \u0441\u043f\u0438\u043d\u0443 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0434\u0435\u0442\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043b\u0438\u0448\u043a\u043e\u043c \u0440\u0430\u043d\u043e, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u0438\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438.\n\n\u0426\u0435\u043f\u043e\u0447\u043a\u0430 \u0430\u0442\u0430\u043a, \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0432 \u0441\u0435\u0431\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430 TeamCity \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2024-27198 \u0438\u043b\u0438 CVE-2023-42793 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0440\u0435\u0434\u0435 \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435\u043c \u043d\u043e\u0432\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441\u0431\u043e\u0440\u043a\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u044f\u0441\u043d\u043e, \u043a\u0430\u043a\u043e\u0439 \u0438\u0437 \u0434\u0432\u0443\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b  \u0434\u043b\u044f \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f, \u043d\u043e \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 CVE-2024-27198 \u0431\u044b\u043b\u043e \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043e 6 \u043c\u0430\u0440\u0442\u0430 \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u043e, \u043a\u0430\u043a \u0440\u0430\u0437 \u0442\u0430\u043a\u0438, \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432 \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 PowerShell-\u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 Go \u043e\u0442 BianLian.\n\n\u0418\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 BianLian \u0432\u043d\u0435\u0434\u0440\u044f\u044e\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 Go \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u0434\u0430\u043b\u044f\u044e\u0442 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u0441\u0442\u043e\u043b\u0430, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a AnyDesk, Atera, SplashTop \u0438 TeamViewer.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f Microsoft \u043a\u0430\u043a BianDoor.\n\nJetBrains \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b \u0443\u0441\u043f\u0435\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e \u043d\u0430\u0447\u0430\u043b\u0430 \u0430\u0442\u0430\u043a, \u043d\u043e \u0443\u0432\u044b \u043d\u0435 \u0432\u0441\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u044d\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0432\u043e\u0432\u0440\u0435\u043c\u044f, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c ransomware-\u0430\u0442\u0430\u043a\u0430\u043c \u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u043c \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 DDoS.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043e\u0431\u0432\u0438\u043d\u0438\u043b Rapid7 \u0432 \u043f\u0440\u0435\u0436\u0434\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u043c \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043d\u043e \u0434\u043e\u0439\u0434\u0443\u0442 \u043b\u0438 \u0440\u0430\u0437\u0431\u043e\u0440\u043a\u0438 \u0434\u043e \u0447\u0435\u0433\u043e-\u0442\u043e \u0431\u043e\u043b\u044c\u0448\u0435\u0433\u043e, \u0447\u0435\u043c \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0435 \u0440\u0430\u0441\u043f\u0440\u0438 \u0438\u043b\u0438 \u043a\u0430\u043a \u0432\u0441\u0435\u0433\u0434\u0430: \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u043f\u0430\u0441\u0435\u043d\u0438\u044f \u0443\u0442\u043e\u043f\u0430\u044e\u0449\u0438\u0445, \u0431\u0443\u0434\u0443\u0442 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0430\u043c\u0438\u0445 \u0443\u0442\u043e\u043f\u0430\u044e\u0449\u0438\u0445, \u0430 \u043a\u043b\u0438\u0435\u043d\u0442 \u0438\u0442\u0430\u043a \u0432\u0441\u0435 \u0441\u0442\u0435\u0440\u043f\u0438\u0442.", "creation_timestamp": "2024-03-12T16:02:32.000000Z"}, {"uuid": "16cc671e-98b5-4662-84fa-45c60ec84d06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/true_secator/5550", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Trend Micro \u0437\u0430\u0431\u0438\u043b\u0438 \u0442\u0440\u0435\u0432\u043e\u0433\u0443, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432, \u043a\u0430\u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 JetBrains TeamCity \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e. \n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e CVE-2024-27198 (CVSS 9.8) \u0438 CVE-2024-27199 (CVSS 7.3), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0430\u0434\u043c\u0438\u043d\u0441\u043a\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c.\n\n\u041f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0437 Rapid7 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u0440\u0442\u0430, \u0438\u0445 \u043f\u043e\u0447\u0442\u0438 \u0441\u0440\u0430\u0437\u0443 \u0432\u0437\u044f\u043b\u0438 \u043d\u0430 \u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u044b \u0443\u0433\u0440\u043e\u0437, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0430\u043c\u0438 ransomware BianLian \u0438 Jasmin, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043c\u0430\u0439\u043d\u0435\u0440\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b XMRig \u0438 Spark RAT.\n\n\u0415\u0449\u0435 \u0440\u0430\u0437 \u043d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0447\u0442\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435 \u043c\u0435\u0434\u043b\u0438\u0442\u044c \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u043e\u0444\u0442\u0430, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 TeamCity On-Premises \u0434\u043e 2023.11.3 \u0438 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4.\n\n\u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0435\u0449\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u043b\u0430\u0433\u0438\u043d \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0442\u0435\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0421 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 PoC \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043a\u0440\u0430\u0442\u043d\u043e \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u043b\u0430\u0441\u044c \u0438 \u0434\u0430\u0436\u0435 CISA \u0432 \u0442\u0435\u043c\u043f\u0435 \u0432\u0430\u043b\u044c\u0441\u0430 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 CVE-2024-27198 \u0432 \u0441\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.", "creation_timestamp": "2024-03-21T17:20:06.000000Z"}, {"uuid": "1b90d5a6-1773-4a2b-bf91-ce52208ba133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/ctinow/202857", "content": "https://ift.tt/3PDjCfO\nCISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog", "creation_timestamp": "2024-03-07T22:56:12.000000Z"}, {"uuid": "0594c620-c918-43e7-800b-69d1400f8f95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/true_secator/5968", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Cloudflare \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043e\u0442\u0447\u0435\u0442 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0437\u0430 2024 \u0433\u043e\u0434, \u043e\u0442\u0440\u0430\u0436\u0430\u044e\u0449\u0438\u0439 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0442\u0440\u0435\u043d\u0434\u044b \u0438\u043d\u0444\u043e\u0441\u0435\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e \u0437\u0430\u0441\u0442\u0430\u0432\u044f\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e \u043f\u0440\u0438\u0437\u0430\u0434\u0443\u043c\u0430\u0442\u044c\u0441\u044f.\n\n\u041f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0441 \u043c\u0430\u044f 2023 \u0433\u043e\u0434\u0430 \u043f\u043e \u043c\u0430\u0440\u0442 2024 \u0433\u043e\u0434\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0438\u0448\u043b\u0438 \u043a \u0432\u044b\u0432\u043e\u0434\u0443, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0443\u0436\u0435 \u0447\u0435\u0440\u0435\u0437 22 \u043c\u0438\u043d\u0443\u0442\u044b \u043f\u043e\u0441\u043b\u0435 \u0438\u0445 \u0440\u0435\u043b\u0438\u0437\u0430.\n\n\u041e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044f \u0432 \u0441\u0440\u0435\u0434\u043d\u0435\u043c 57 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 \u0441\u0435\u043a\u0443\u043d\u0434\u0443, Cloudflare \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0445 CVE, \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 PoC \u0434\u043b\u044f \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u043d\u0438\u044f.\n\n\u0412 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u043c\u043e\u0433\u043e \u043f\u0435\u0440\u0438\u043e\u0434\u0430 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u0441\u043a\u043e\u0432\u044b\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c CVE-2023-50164 \u0438 CVE-2022-33891 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Apache, CVE-2023-29298, CVE-2023-38203 \u0438 CVE-2023-26360 \u0432 Coldfusion \u0438 CVE-2023-35082 \u0432 MobileIron.\n\n\u0425\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u043e\u043c \u0440\u043e\u0441\u0442\u0430 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2024-27198, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0432 JetBrains TeamCity.\n\nCloudflare \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u043b\u0443\u0447\u0430\u0439, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 PoC \u0432\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 22 \u043c\u0438\u043d\u0443\u0442\u044b \u043f\u043e\u0441\u043b\u0435 \u0435\u0433\u043e \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435 \u043e\u0441\u0442\u0430\u0432\u0438\u043b\u043e \u0437\u0430\u0449\u0438\u0442\u043d\u0438\u043a\u0430\u043c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438.\n\nCloudflare \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u044d\u0442\u043e \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u043e \u043e\u0442\u0447\u0430\u0441\u0442\u0438 \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u044b \u0443\u0433\u0440\u043e\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043d\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f\u0445 CVE, \u0438\u043c\u0435\u044f \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0435 \u043f\u043e\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0431\u044b\u0441\u0442\u0440\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u043d\u043e\u0432\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u041f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0442\u0430\u043a\u043e\u0439 \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0435 - \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0418\u0418 \u0434\u043b\u044f \u0443\u0441\u043a\u043e\u0440\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u0430\u0432\u0438\u043b WAF \u0441 \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0431\u0430\u043b\u0430\u043d\u0441\u0430 \u043c\u0435\u0436\u0434\u0443 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043b\u043e\u0436\u043d\u044b\u0445 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043d\u0438\u0439 \u0438 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u044c\u044e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0414\u0440\u0443\u0433\u0438\u043c \u043e\u0448\u0435\u043b\u043e\u043c\u043b\u044f\u044e\u0449\u0438\u043c \u0432\u044b\u0432\u043e\u0434\u043e\u043c \u0438\u0437 \u043e\u0442\u0447\u0435\u0442\u0430 Cloudflare \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0442\u043e, \u0447\u0442\u043e 6,8% \u0432\u0441\u0435\u0433\u043e \u0435\u0436\u0435\u0434\u043d\u0435\u0432\u043d\u043e\u0433\u043e \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u2014 \u044d\u0442\u043e \u0442\u0440\u0430\u0444\u0438\u043a \u0442\u0438\u043f\u0430 DDoS, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u043e\u043d\u043b\u0430\u0439\u043d-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u044b.\n\n\u042d\u0442\u043e \u0437\u0430\u043c\u0435\u0442\u043d\u044b\u0439 \u0440\u043e\u0441\u0442 \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 6%, \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u0430 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0439 \u043f\u0435\u0440\u0438\u043e\u0434 (2022\u20132023 \u0433\u0433.), \u0447\u0442\u043e \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e\u0431 \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u043e\u0431\u044a\u0435\u043c\u0430 DDoS-\u0430\u0442\u0430\u043a.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Cloudflare, \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0442\u0440\u0430\u0444\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0434\u043e\u0441\u0442\u0438\u0433\u0430\u0442\u044c \u0434\u043e 12% \u0432\u0441\u0435\u0433\u043e HTTP-\u0442\u0440\u0430\u0444\u0438\u043a\u0430.\n\n\u041e\u0442\u0447\u0435\u0442 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 PDF \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0437\u0434\u0435\u0441\u044c \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0433\u043b\u0443\u0431\u043e\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u043e\u0439 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0438.", "creation_timestamp": "2024-07-15T14:33:14.000000Z"}, {"uuid": "32619e20-32df-4c24-ad7e-fbd154364196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/ctinow/203122", "content": "https://ift.tt/TUnveqR\nCVE-2024-27198 Exploit", "creation_timestamp": "2024-03-08T08:16:58.000000Z"}, {"uuid": "5785c4d7-0527-4b74-a678-dac67a69adc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/ctinow/199405", "content": "https://ift.tt/OcEbg4P\nCritical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)", "creation_timestamp": "2024-03-04T17:52:32.000000Z"}, {"uuid": "76dfdc35-0223-4db8-81e9-636d1b2689ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/ctinow/200719", "content": "https://ift.tt/UK6umz1\nCVE-2024-27198 | JetBrains TeamCity prior 2023.11.4 authentication bypass", "creation_timestamp": "2024-03-05T21:32:18.000000Z"}, {"uuid": "7d89dcfe-0ce6-4c48-b15b-5361b5f87d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/theninjaway1337/1479", "content": "Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware\n\nAttackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers.\n\nhttps://www.helpnetsecurity.com/2024/03/21/exploiting-cve-2024-27198/", "creation_timestamp": "2024-03-24T10:20:04.000000Z"}, {"uuid": "fec7ca97-f240-49b0-984c-f59f9b4c2fe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/information_security_channel/51689", "content": "Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure\nhttps://www.securityweek.com/critical-teamcity-vulnerability-exploitation-started-immediately-after-disclosure/\n\nCritical TeamCity authentication bypass vulnerability CVE-2024-27198 exploited in the wild after details were disclosed.\nThe post Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure (https://www.securityweek.com/critical-teamcity-vulnerability-exploitation-started-immediately-after-disclosure/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-03-07T12:29:44.000000Z"}, {"uuid": "78b0c1ef-ec60-4659-94e4-2304c219df8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "https://t.me/information_security_channel/51709", "content": "Recent TeamCity Vulnerability Exploited in Ransomware Attacks\nhttps://www.securityweek.com/recent-teamcity-vulnerability-exploited-in-ransomware-attacks/\n\nServers impacted by recently patched TeamCity vulnerability CVE-2024-27198 targeted in ransomware attacks and abused for DDoS.\nThe post Recent TeamCity Vulnerability Exploited in Ransomware Attacks (https://www.securityweek.com/recent-teamcity-vulnerability-exploited-in-ransomware-attacks/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-03-11T17:03:15.000000Z"}, {"uuid": "f21c62ce-e19b-4b25-b44b-730fd27fa97a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/15487", "content": "JetBrains \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 TeamCity\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2024-27198) \u0432 CI/CD-\u0440\u0435\u0448\u0435\u043d\u0438\u0438 TeamCity \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c. \u0422\u0430\u043a \u043a\u0430\u043a \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0432 TeamCity 2023.11.4.\n\nhttps://xakep.ru/2024/03/05/jetbrains-ispravlyaet-uyazvimosti-v-teamcity/", "creation_timestamp": "2024-03-05T17:44:42.000000Z"}, {"uuid": "3d212f3e-d19b-4e5f-8455-cc2f80f281f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/thehackernews/4634", "content": "Critical TeamCity software flaws leave CI/CD servers open to complete takeover. \n \nRead more about CVE-2024-27198, CVE-2024-27199 and update your systems now \u2192 https://thehackernews.com/2024/03/critical-jetbrains-teamcity-on-premises.html", "creation_timestamp": "2024-03-05T06:04:34.000000Z"}, {"uuid": "6b2e1053-05c0-43d5-abe7-4a289219c412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-02)", "content": "", "creation_timestamp": "2026-05-02T00:00:00.000000Z"}, {"uuid": "9cbd7286-9b9c-4a8b-af41-05160007815d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/redscriptfreelog/6986", "content": "CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198\n\nhttps://github.com/rapid7/metasploit-framework/pull/18922\n\nCyberspace Mapping Dork:\nFofa\napp=\"JET_BRAINS-TeamCity\"\n\nZoomEye\napp:\"JetBrains TeamCity\"\n\nHunter.how\nproduct.name=\"TeamCity\"\n\nShodan\nhttp.component:\"teamcity\"\n\nRead research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-28T05:55:07.000000Z"}, {"uuid": "684f4c05-07b2-4752-95a3-4b4abddf83a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/6429", "content": "CVE-2024-27198 & CVE-2024-27199 AUTHENTICATION BYPASS\nRce in jetbrains teamcity exploit \n\nGithub\n\nGithub\n\n#exploit #Cve #Bypass\n\u2014\u2014\u2014\u2014\u2014\u2014\u200c\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2024-03-31T15:37:36.000000Z"}, {"uuid": "1a2dce62-1f46-4323-873c-afe4fd30dc22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10102", "content": "#exploit\n1. CVE-2024-27198,\nCVE-2024-27199:\nAuth Bypass -> RCE in JetBrains TeamCity\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n]-> https://github.com/Chocapikk/CVE-2024-27198\n\n2. CVE-2024-1929, CVE-2024-1930:\nLocal root Exploit/DoS in dnf5 D-Bus Components\nhttps://www.openwall.com/lists/oss-security/2024/03/04/2", "creation_timestamp": "2024-03-07T11:01:01.000000Z"}, {"uuid": "23f7e6bd-4a89-403e-93d9-404821d34817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "https://t.me/LearnExploit/6446", "content": "TeamCity \nCVE-2024-27198 & CVE-2024-27199 TeamCity Authentication Bypass\n\nLearnBox:\n1_Exploits\n2_Video\n\n#CVE #Bug #Authentication #Bypass\n\u2796\u2796\u2796\u2796\u2796\u2796\u2796\n\ud83d\udce3 T.me/LearnExploit\n\ud83d\udce3 T.me/BugCod3", "creation_timestamp": "2024-04-04T17:58:15.000000Z"}, {"uuid": "6fbc0c4f-6fbb-4af6-bbc9-e85f2e4f91fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-04)", "content": "", "creation_timestamp": "2026-05-04T00:00:00.000000Z"}, {"uuid": "269535b4-e80d-4a09-b494-bcc914d296bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "published-proof-of-concept", "source": "Telegram/r-yGV86ve6CJvHgpzhMoNWZH5bZGli4my6WN0xiaVp8_ng", "content": "", "creation_timestamp": "2024-10-30T19:59:40.000000Z"}, {"uuid": "2a99ef2f-863e-41df-b28c-8b1c31f6c8d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-30)", "content": "", "creation_timestamp": "2026-04-30T00:00:00.000000Z"}, {"uuid": "ce0ecb7d-0bff-4858-aa3f-e311d948396b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-04)", "content": "", "creation_timestamp": "2026-05-04T00:00:00.000000Z"}, {"uuid": "89072ed6-d42f-481f-96e8-23c1a167d5d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-08)", "content": "", "creation_timestamp": "2026-05-08T00:00:00.000000Z"}, {"uuid": "77d8731c-e945-439f-b423-88c7d6ac0059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-05)", "content": "", "creation_timestamp": "2026-05-05T00:00:00.000000Z"}, {"uuid": "20f8c54e-8a8e-443f-86cf-9af5cd352804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-07)", "content": "", "creation_timestamp": "2026-05-07T00:00:00.000000Z"}, {"uuid": "8b3a7d4d-20d8-4226-81e7-c0f1a757f9b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27198", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-08)", "content": "", "creation_timestamp": "2026-05-08T00:00:00.000000Z"}]}