{"vulnerability": "CVE-2024-27199", "sightings": [{"uuid": "cd36ed3f-ef5e-4576-9473-adf9d5116fdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-27)", "content": "", "creation_timestamp": "2025-01-27T00:00:00.000000Z"}, {"uuid": "b7bc3fa4-0cc9-436e-a3d5-d28ffbbf298b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-04)", "content": "", "creation_timestamp": "2025-01-04T00:00:00.000000Z"}, {"uuid": "e863ff5b-dd06-4d3c-afd9-b10e5de677e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-07)", "content": "", "creation_timestamp": "2024-12-07T00:00:00.000000Z"}, {"uuid": "299bf84a-80d7-4cd1-87a9-9e2dad470766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-14)", "content": "", "creation_timestamp": "2024-12-14T00:00:00.000000Z"}, {"uuid": "40297647-d18d-4c93-bfef-68c1fbbe4989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "8d1d48be-7bf1-4d35-8b79-05c58d018f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-06)", "content": "", "creation_timestamp": "2025-03-06T00:00:00.000000Z"}, {"uuid": "ac8a5242-7472-40b3-b8ce-b8a4fa6c558c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "624b7074-b256-4f20-a083-324ceac3c229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-15)", "content": "", "creation_timestamp": "2025-02-15T00:00:00.000000Z"}, {"uuid": "6be691bc-86a8-410e-9ada-83e71bdc5d64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-12)", "content": "", "creation_timestamp": "2025-04-12T00:00:00.000000Z"}, {"uuid": "495ff247-c8bf-4cd5-b81d-337147ffbded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://bsky.app/profile/kooteksec.bsky.social/post/3lqhsbnof2c22", "content": "", "creation_timestamp": "2025-05-31T12:56:38.772183Z"}, {"uuid": "eca144ac-4f87-439d-be26-4b52f3800326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-23)", "content": "", "creation_timestamp": "2025-04-23T00:00:00.000000Z"}, {"uuid": "f0b1d8c3-8446-4fce-a326-d8df94d00c57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-26)", "content": "", "creation_timestamp": "2025-04-26T00:00:00.000000Z"}, {"uuid": "cfc5fb37-1002-481b-9388-6aaa232e12da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-24)", "content": "", "creation_timestamp": "2025-04-24T00:00:00.000000Z"}, {"uuid": "8657de31-a54e-4a46-b00a-927fd8401163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-30)", "content": "", "creation_timestamp": "2025-06-30T00:00:00.000000Z"}, {"uuid": "385bc405-ca12-4948-9ae9-273052a5d12f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-05)", "content": "", "creation_timestamp": "2025-11-05T00:00:00.000000Z"}, {"uuid": "4e0cebbc-4611-4a12-9762-839218081437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "3c560aeb-8e2d-421f-a466-6834f8a643cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-27)", "content": "", "creation_timestamp": "2025-08-27T00:00:00.000000Z"}, {"uuid": "9e52cae4-4644-4559-9a5a-1a0fb5cf4282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-15)", "content": "", "creation_timestamp": "2026-01-15T00:00:00.000000Z"}, {"uuid": "435688db-7683-4428-be60-24e394f058b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-11)", "content": "", "creation_timestamp": "2025-12-11T00:00:00.000000Z"}, {"uuid": "92d74446-44fc-4333-83a6-0757ce4f97c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-06)", "content": "", "creation_timestamp": "2026-01-06T00:00:00.000000Z"}, {"uuid": "51a3c779-06a2-4360-824a-c7ae6148df40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-20)", "content": "", "creation_timestamp": "2026-01-20T00:00:00.000000Z"}, {"uuid": "aeb668dd-b442-4282-b5c1-fdaa40c083ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-18)", "content": "", "creation_timestamp": "2026-01-18T00:00:00.000000Z"}, {"uuid": "46cc06cc-5a45-4cc2-aaa6-65d94989f05a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-", "content": "", "creation_timestamp": "2026-04-07T04:00:00.000000Z"}, {"uuid": "c6db8e49-987f-4815-89fa-72186524ab62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-02)", "content": "", "creation_timestamp": "2026-04-02T00:00:00.000000Z"}, {"uuid": "c50c30dc-7e45-4e61-8a9f-296f4a50fae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "MISP/f3b16ca9-f749-4169-9a68-b159e6aaf5ed", "content": "", "creation_timestamp": "2026-04-08T07:25:53.000000Z"}, {"uuid": "057fe409-93a3-4af0-8727-ba6a4cad82c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/", "content": "", "creation_timestamp": "2026-04-06T04:00:00.000000Z"}, {"uuid": "0ed32408-d8a2-47e4-b283-0a3198aa72ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-authentication-bypass-and-path-traversal-vulnerabilities-jetbrains-teamcity", "content": "", "creation_timestamp": "2026-04-21T05:10:14.000000Z"}, {"uuid": "34ef274b-ea38-4f4a-bdb6-ca217098e317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-19)", "content": "", "creation_timestamp": "2026-04-19T00:00:00.000000Z"}, {"uuid": "225c9dfc-68d3-4e8c-ac2f-6a559e5794dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "MISP/f3b16ca9-f749-4169-9a68-b159e6aaf5ed", "content": "", "creation_timestamp": "2026-04-18T13:07:25.000000Z"}, {"uuid": "aafc291b-08a1-4410-9143-ba4a156de333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://www.acn.gov.it/portale/w/poc-pubblici-per-lo-sfruttamento-di-vulnerabilita-in-jetbrains-teamcity", "content": "", "creation_timestamp": "2024-03-07T09:21:00.000000Z"}, {"uuid": "c2bad8c9-a3a8-44a8-8da4-9589d094f2b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-24)", "content": "", "creation_timestamp": "2026-04-24T00:00:00.000000Z"}, {"uuid": "d8c0295a-34d1-4412-87e8-3f045e54eea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-21)", "content": "", "creation_timestamp": "2026-04-21T00:00:00.000000Z"}, {"uuid": "7c5a987b-7abf-469e-b0d2-f43f7f986f73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8237", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information  #RCE #python3\nURL\uff1ahttps://github.com/Pypi-Project/RCity-CVE-2024-27198\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-08-12T04:52:25.000000Z"}, {"uuid": "5bb0ec0f-f805-419d-b6b0-54dab3e98797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7141", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information\nURL\uff1ahttps://github.com/Stuub/RCity-CVE-2024-27199\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-04-22T22:38:58.000000Z"}, {"uuid": "89a35ee9-2f5a-45ec-b318-77a09682ec8f", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/cf10e176-a91e-463a-abd8-ef3edb3a5263", "content": "", "creation_timestamp": "2026-04-20T20:00:03.719006Z"}, {"uuid": "d8d1e353-d074-4669-bd8c-cdc77c3b2c10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mjy3x67srm2n", "content": "", "creation_timestamp": "2026-04-21T04:02:04.149646Z"}, {"uuid": "175eaca7-557c-4044-8c6f-670f555f5aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-23)", "content": "", "creation_timestamp": "2026-04-23T00:00:00.000000Z"}, {"uuid": "afadadf3-d309-4ca6-b703-452946e959c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6922", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aEm fevereiro de 2024, foi identificado duas novas vulnerabilidades que afetam o servidor JetBrains TeamCity (CVE-2024-27198 e CVE-2024-27199)\nURL\uff1ahttps://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-04-02T09:51:58.000000Z"}, {"uuid": "43ca72ad-ebd5-4716-8ad5-d1f2b47cb6c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6730", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4\nURL\uff1ahttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-06T03:17:48.000000Z"}, {"uuid": "adc1735c-b69d-4c90-ada9-57dd9e6d5fd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-27)", "content": "", "creation_timestamp": "2026-04-27T00:00:00.000000Z"}, {"uuid": "1c5e53ee-3432-4fdf-8c58-c25b71f1de01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mkevanrdo22s", "content": "", "creation_timestamp": "2026-04-26T06:06:44.265413Z"}, {"uuid": "83acc7c1-633b-473d-a827-62d548488581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7147", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information\nURL\uff1ahttps://github.com/Stuub/RCity-CVE-2024-27198\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-05-09T15:32:56.000000Z"}, {"uuid": "f7662761-bdf7-47c3-a67f-e05f62122c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-26)", "content": "", "creation_timestamp": "2026-04-26T00:00:00.000000Z"}, {"uuid": "34b52ef3-b0f0-424c-830e-4838d30c785f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkgzljmjvd2z", "content": "", "creation_timestamp": "2026-04-27T02:29:41.385679Z"}, {"uuid": "cd935765-b98a-43ff-9a37-8f3e07110558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-25)", "content": "", "creation_timestamp": "2026-04-25T00:00:00.000000Z"}, {"uuid": "80b1a3cd-1de7-43f4-9f84-add524f78804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/202", "content": "CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)\n\n\ud83d\udc64 by Rapid7\n\nIn February 2024, Rapid7\u2019s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server:\n\n\u2022 CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a CVSS base score of 9.8 (Critical).\n\n\u2022 CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22) and has a CVSS base score of 7.3 (High).\n\n\ud83d\udcdd Contents:\n\u25cf Overview\n\u25cf Impact\n\u25cf Remediation\n\u25cf Analysis\n    \u2022 CVE-2024-27198\n    \u2022 CVE-2024-27199\n\u25cf Rapid7 customers\n\u25cf Timeline\n\nhttps://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-05T11:02:15.000000Z"}, {"uuid": "1bc24166-a022-4b36-ba67-65e729999032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/poxek/3774", "content": "\u0414\u0430\u0432\u043d\u043e \u0443\u0436\u0435 \u043c\u044b \u043d\u0435 \u043e\u0431\u0441\u0443\u0436\u0434\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0443 \u043d\u0430\u0441 \u0441\u0432\u0435\u0436\u0435\u043d\u044c\u043a\u0430\u044f RCE - CVE-2024-27198 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=9.8) \u0438 path traversal - CVE-2024-27199 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=7.3) \u0432 TeamCity CI/CD \u043e\u0442 JetBrains\n\n\u0414\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f TeamCity CI/CD \u0432 \u0446\u0435\u043b\u043e\u043c \u0443\u0436\u0435 \u043f\u043e\u043d\u044f\u0442\u043d\u043e \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u043d\u043e \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u044b \u0434\u0435\u0442\u0430\u043b\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0435\u0434\u0438\u0441\u043b\u043e\u0432\u0438\u044f, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u044b\u0439 \u043e\u0431\u0437\u043e\u0440 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u0432 \u044d\u0442\u043e\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438.\n\n\u041f\u043e\u0437\u0430\u0432\u0447\u0435\u0440\u0430 \u0432 \u0431\u043b\u043e\u0433\u0435 Rapid7 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2024-27198 - \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043b\u043e\u0433\u0438\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u043a\u043b\u0430\u0441\u0441\u0430 jetbrains.buildServer.controllers.BaseController \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 web-openapi.jar. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043a\u0438 \u0438\u043b\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f access token \u0434\u043b\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 c  \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441\u0430 jsp=/app/rest/users;.jsp\n\ncurl -ik http://target.com/hax?jsp=/app/rest/users;.jsp -X POST -H \"Content-Type: application/json\" --data \"{\\\"username\\\": \\\"haxor\\\", \\\"password\\\": \\\"haxor\\\", \\\"email\\\": \\\"haxor\\\", \\\"roles\\\": {\\\"role\\\": [{\\\"roleId\\\": \\\"SYSTEM_ADMIN\\\", \\\"scope\\\": \\\"g\\\"}]}}\"\n\nCVE-2024-27199 - \u0442\u043e\u0436\u0435 \u043f\u0440\u043e \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u043c \u0440\u0443\u0447\u043a\u0430\u043c /res, /update, /.well-known/acme-challenge. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 path traversal \u043a \u044d\u0442\u0438\u043c \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430\u043c, \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 /res/../admin/diagnostic.jsp \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e. \u0410 /res/../app/https/settings/uploadCertificate \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c tls \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 https \u043f\u043e\u0440\u0442 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 /res/../app/https/settings/setPort. \n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0440\u0443\u0447\u0435\u043a \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0430\u0432\u0442\u043e\u0440\u043e\u0432.\n\n\u2699\ufe0f POC: https://github.com/yoryio/CVE-2024-27198, \u043c\u043e\u0434\u0443\u043b\u044c metasploit https://github.com/rapid7/metasploit-framework/pull/18922\n\ud83d\udd0e Sigma \u043f\u0440\u0430\u0432\u0438\u043b\u0430: https://github.com/rapid7/Rapid7-Labs/blob/main/Sigma/path_traversal_attacks_CVE_2024_27199.yml\n\ud83e\udeb2 \u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e: TeamCity \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\u2705 \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\n#TeamCity #RCE #CVE-2024-27198", "creation_timestamp": "2024-03-08T13:01:36.000000Z"}, {"uuid": "c1b891c3-7a08-4b23-b1dd-bc61e9eaa2e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/beaverdreamer/137", "content": "#teamcity #cicd\n\u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u0432\u044b\u0448\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2024-27198 \u0438 CVE-2024-27199) \u0432 JetBrains TeamCity \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u0430 CVE-2024-27198, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0414\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0442\u0440\u0451\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u0439:\n- \u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0435 \u043a \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u0441\u043e \u0441\u0442\u0430\u0442\u0443\u0441\u043e\u043c \u043e\u0442\u0432\u0435\u0442\u0430 404\n- \u041f\u0435\u0440\u0435\u0434\u0430\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 jsp, \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u043d\u0430 URL, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (\u043d\u0430 \u043d\u0435\u0433\u043e \u0438 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0430)\n- \u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0447\u0442\u043e\u0431\u044b \u043f\u0443\u0442\u044c \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u043b\u0441\u044f \u043d\u0430 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 jsp, \u0442\u0430\u043a \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0435\u0446 \u043f\u0440\u043e\u0441\u0442\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c: ;.jsp \n\n\u0412 \u0438\u0442\u043e\u0433\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0441\u0441\u044b\u043b\u043a\u0443 \u0432\u0438\u0434\u0430: /hax?jsp=/app/rest/server;.jsp, \u043f\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u043e\u0436\u0435\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u0435\u0440\u0441\u0438\u044e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (\u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043e\u0431\u0449\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435).\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-27199 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043a \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0431\u043e\u043b\u0435\u0435 \u043c\u0435\u043d\u044c\u0448\u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u0447\u043d\u044e \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u043e\u0432 (\u0441\u043c. \u0440\u0435\u0441\u0435\u0440\u0447).\n\n\u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e TeamCity \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043d\u0430 \u043f\u043e\u0440\u0442\u0443 8111/tcp\n\n\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u043f\u0435\u0440\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\nPython: https://github.com/Chocapikk/CVE-2024-27198\n\u041c\u043e\u0434\u0443\u043b\u044c \u043c\u0435\u0442\u0430\u0441\u043f\u043b\u043e\u0439\u0442\u0430: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2023_42793.rb\n\n\u041e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0440\u0435\u0441\u0435\u0440\u0447 + \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438:\nhttps://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-12T10:39:08.000000Z"}, {"uuid": "31b089c8-dcf6-4f17-8e79-e48fdb463798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/purple_medved/201", "content": "\u0414\u0430\u0432\u043d\u043e \u0443\u0436\u0435 \u043c\u044b \u043d\u0435 \u043e\u0431\u0441\u0443\u0436\u0434\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0443 \u043d\u0430\u0441 \u0441\u0432\u0435\u0436\u0435\u043d\u044c\u043a\u0430\u044f RCE - CVE-2024-27198 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=9.8) \u0438 path traversal - CVE-2024-27199 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=7.3) \u0432 TeamCity CI/CD \u043e\u0442 JetBrains\n\n\u0414\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f TeamCity CI/CD \u0432 \u0446\u0435\u043b\u043e\u043c \u0443\u0436\u0435 \u043f\u043e\u043d\u044f\u0442\u043d\u043e \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u043d\u043e \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u044b \u0434\u0435\u0442\u0430\u043b\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0435\u0434\u0438\u0441\u043b\u043e\u0432\u0438\u044f, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u044b\u0439 \u043e\u0431\u0437\u043e\u0440 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u0432 \u044d\u0442\u043e\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438.\n\n\u041f\u043e\u0437\u0430\u0432\u0447\u0435\u0440\u0430 \u0432 \u0431\u043b\u043e\u0433\u0435 Rapid7 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2024-27198 - \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043b\u043e\u0433\u0438\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u043a\u043b\u0430\u0441\u0441\u0430 jetbrains.buildServer.controllers.BaseController \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 web-openapi.jar. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043a\u0438 \u0438\u043b\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f access token \u0434\u043b\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 c  \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441\u0430 jsp=/app/rest/users;.jsp\n\ncurl -ik http://target.com/hax?jsp=/app/rest/users;.jsp -X POST -H \"Content-Type: application/json\" --data \"{\\\"username\\\": \\\"haxor\\\", \\\"password\\\": \\\"haxor\\\", \\\"email\\\": \\\"haxor\\\", \\\"roles\\\": {\\\"role\\\": [{\\\"roleId\\\": \\\"SYSTEM_ADMIN\\\", \\\"scope\\\": \\\"g\\\"}]}}\"\n\nCVE-2024-27199 - \u0442\u043e\u0436\u0435 \u043f\u0440\u043e \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u043c \u0440\u0443\u0447\u043a\u0430\u043c /res, /update, /.well-known/acme-challenge. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 path traversal \u043a \u044d\u0442\u0438\u043c \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430\u043c, \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 /res/../admin/diagnostic.jsp \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e. \u0410 /res/../app/https/settings/uploadCertificate \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c tls \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 https \u043f\u043e\u0440\u0442 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 /res/../app/https/settings/setPort. \n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0440\u0443\u0447\u0435\u043a \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0430\u0432\u0442\u043e\u0440\u043e\u0432.\n\n\u2699\ufe0f POC: https://github.com/yoryio/CVE-2024-27198, \u043c\u043e\u0434\u0443\u043b\u044c metasploit https://github.com/rapid7/metasploit-framework/pull/18922\n\ud83d\udd0e Sigma \u043f\u0440\u0430\u0432\u0438\u043b\u0430: https://github.com/rapid7/Rapid7-Labs/blob/main/Sigma/path_traversal_attacks_CVE_2024_27199.yml\n\ud83e\udeb2 \u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e: TeamCity \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\u2705 \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\n#TeamCity #RCE #CVE-2024-27198", "creation_timestamp": "2024-03-06T07:34:46.000000Z"}, {"uuid": "ec17cf60-8deb-46f0-8c52-5e244f1e9be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/bizone_channel/1133", "content": "\ud83e\udd65 BI.ZONE WAF \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u0442 \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 JetBrains TeamCity\n\n\u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435\u00a0\u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e\u00a0\u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 CI/CD \u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u041f\u041e JetBrains TeamCity.\u00a0\u041e\u043d\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c TeamCity On-Premises CI/CD \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 \u0434\u043e 2023.11.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e.\n\n\u0420\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043e\u0431 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435:\n\ud83d\udd35CVE-2024-27198 (BDU:2024-01792) \u2014 9,8 \u0438\u0437 10 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043d\u043e\u0432\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u044d\u0442\u043e\u043c\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0440\u0435\u0434\u043e\u0439.\n\n\ud83d\udd35CVE-2024-27199 \u2014 7,3 \u0438\u0437 10 \u0431\u0430\u043b\u043b\u043e\u0432\u00a0\u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS\n\u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u0435\u0445\u043d\u0438\u043a\u0443 path traversal, \u0447\u0442\u043e\u0431\u044b \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u0430\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 TeamCity. \u0422\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0443\u0437\u043d\u0430\u0442\u044c \u043e \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u0445 \u0432 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0438 \u0438\u0445 \u0441\u0442\u0430\u0442\u0443\u0441\u0430\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0443\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e.\n\n\u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 JetBrains TeamCity \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 2023.11.4. \u0427\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0440\u0438\u0441\u043a\u0430 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u044d\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u0422\u0430\u043a\u0436\u0435 \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f \u043f\u043e\u043c\u043e\u0436\u0435\u0442 BI.ZONE WAF. \u041d\u0430\u0448\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0437\u0430\u0449\u0438\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u044b \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0430\u0448\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u0430 BI.ZONE CPT. \u041d\u043e\u0432\u044b\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0441\u043a\u0430\u043d\u0435\u0440\u0443 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 TeamCity.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435", "creation_timestamp": "2024-03-12T11:59:15.000000Z"}, {"uuid": "5221e62c-7e19-4823-b057-0f5e1dd6e973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "Telegram/XQHWJnL4rtz2wwTs82EaD4JRdpenCZKjrs-m23qHD4IpVQ", "content": "", "creation_timestamp": "2024-03-05T05:12:55.000000Z"}, {"uuid": "6c53e988-e31b-4152-9973-e5bfcc0a1b21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/3616", "content": "CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198\n\nhttps://github.com/rapid7/metasploit-framework/pull/18922\n\nCyberspace Mapping Dork:\nFofa\napp=\"JET_BRAINS-TeamCity\"\n\nZoomEye\napp:\"JetBrains TeamCity\"\n\nHunter.how\nproduct.name=\"TeamCity\"\n\nShodan\nhttp.component:\"teamcity\"\n\nRead research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-04-20T12:09:32.000000Z"}, {"uuid": "80e7ccd6-24f0-4eee-a522-bf58d55cd245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/3613", "content": "CVE-2024-27198 \u0648 -27199: \u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0641\u064a JetBrains TeamCity\u060c \u062a\u0642\u064a\u064a\u0645 9.8 \ud83d\udd25\n\n\u062a\u0644\u0643 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0642\u062f \u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u062a\u062c\u0627\u0648\u0632 \u0641\u062d\u0648\u0635\u0627\u062a \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0623\u0630\u0648\u0646\u0627\u062a \u0625\u062f\u0627\u0631\u064a\u0629 \u0639\u0644\u0649 \u062e\u0627\u062f\u0645 TeamCity. \u062a\u0623\u062b\u0631\u062a \u062c\u0645\u064a\u0639 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u062d\u062a\u0649 2023.11.3!\n\n\u0627\u0644\u0631\u0627\u0628\u0637: [https://nt.ls/7DYva](https://nt.ls/7DYva)\n\ud83d\udc49 Dork: http.headers.set_cookie:TCSESSIONID NOT http.body:\"2023.11.3\" NOT http.body:\"2023.11.4\"\n\n\u0627\u0644\u062a\u062d\u0630\u064a\u0631 \u0627\u0644\u062e\u0627\u0635 \u0628\u0627\u0644\u0628\u0627\u0626\u0639: [https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/](https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/)", "creation_timestamp": "2024-04-20T11:46:51.000000Z"}, {"uuid": "3cbca2d4-348b-45c4-9b1a-b5d242800b77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/2301", "content": "\ud83d\udea8CVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information\n\nhttps://darkwebinformer.com/cve-2024-27198-cve-2024-27199-poc-rce-admin-account-creation-enum-users-server-information/", "creation_timestamp": "2024-08-12T16:09:21.000000Z"}, {"uuid": "0ddfa7d3-b1b8-435f-abf1-f7e8a07119fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "Telegram/I91EOBQSMc6QgjUmUkKdNTKa6NaT2PcSSuIhzR5ia60pL0zH", "content": "", "creation_timestamp": "2024-03-06T13:25:47.000000Z"}, {"uuid": "2967a985-ddff-42b7-a932-95b9218e23f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "Telegram/I1tI3l6b8xrgMTEVhRCInb0fj1yPckRKSe-doD8aKIaUgA", "content": "", "creation_timestamp": "2024-03-09T12:31:47.000000Z"}, {"uuid": "cc9b564d-0c1d-4c8d-aa7f-b86b5e7319fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/team_scf_pk/1261", "content": "CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198\n\nhttps://github.com/rapid7/metasploit-framework/pull/18922\n\nCyberspace Mapping Dork:\nFofa\napp=\"JET_BRAINS-TeamCity\"\n\nZoomEye\napp:\"JetBrains TeamCity\"\n\nHunter.how\nproduct.name=\"TeamCity\"\n\nShodan\nhttp.component:\"teamcity\"\n\nRead research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/\n\nFor More Content Join Us\ud83d\ude09\ud83d\udc80:\n@TEAM_SCF_PK", "creation_timestamp": "2024-03-09T07:56:56.000000Z"}, {"uuid": "d6576886-658e-49fe-a457-75c2a95f6f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "Telegram/55T-lGDs2FZ-WKgBKdaWKbWzfkFyrCHQ3wH4n1NcvIpAM7f0", "content": "", "creation_timestamp": "2024-04-05T13:01:47.000000Z"}, {"uuid": "fe646eaa-b6c7-4976-83d1-5bd8e24139f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/1088", "content": "\ud83d\udc49CVE-2024-27198 & CVE-2024-27199 : JetBrains TeamCity < 2023.11.4\u00a0 - Authentication Bypass To Remote Code Execution\nPOC : https://github.com/W01fh4cker/CVE-2024-27198-RCE", "creation_timestamp": "2024-03-08T23:16:21.000000Z"}, {"uuid": "9f699c71-8208-4181-a07f-8d6dada4eb48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/arpsyndicate/4113", "content": "#ExploitObserverAlert\n\nCVE-2024-27199\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-27199. In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions  was possible\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-06T04:31:42.000000Z"}, {"uuid": "808e4b80-b46d-4e82-b2c1-da249a1e1fc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/233", "content": "\u0414\u0430\u0432\u043d\u043e \u0443\u0436\u0435 \u043c\u044b \u043d\u0435 \u043e\u0431\u0441\u0443\u0436\u0434\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0443 \u043d\u0430\u0441 \u0441\u0432\u0435\u0436\u0435\u043d\u044c\u043a\u0430\u044f RCE - CVE-2024-27198 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=9.8) \u0438 path traversal - CVE-2024-27199 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS=7.3) \u0432 TeamCity CI/CD \u043e\u0442 JetBrains\n\n\u0414\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f TeamCity CI/CD \u0432 \u0446\u0435\u043b\u043e\u043c \u0443\u0436\u0435 \u043f\u043e\u043d\u044f\u0442\u043d\u043e \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u043d\u043e \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u044b \u0434\u0435\u0442\u0430\u043b\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0435\u0434\u0438\u0441\u043b\u043e\u0432\u0438\u044f, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u044b\u0439 \u043e\u0431\u0437\u043e\u0440 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0431\u0430\u0433\u0438 \u0432 \u044d\u0442\u043e\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438.\n\n\u041f\u043e\u0437\u0430\u0432\u0447\u0435\u0440\u0430 \u0432 \u0431\u043b\u043e\u0433\u0435 Rapid7 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2024-27198 - \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043b\u043e\u0433\u0438\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u043a\u043b\u0430\u0441\u0441\u0430 jetbrains.buildServer.controllers.BaseController \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 web-openapi.jar. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043a\u0438 \u0438\u043b\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f access token \u0434\u043b\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 c  \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441\u0430 jsp=/app/rest/users;.jsp\n\ncurl -ik http://target.com/hax?jsp=/app/rest/users;.jsp -X POST -H \"Content-Type: application/json\" --data \"{\\\"username\\\": \\\"haxor\\\", \\\"password\\\": \\\"haxor\\\", \\\"email\\\": \\\"haxor\\\", \\\"roles\\\": {\\\"role\\\": [{\\\"roleId\\\": \\\"SYSTEM_ADMIN\\\", \\\"scope\\\": \\\"g\\\"}]}}\"\n\nCVE-2024-27199 - \u0442\u043e\u0436\u0435 \u043f\u0440\u043e \u0431\u0430\u0439\u043f\u0430\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u043c \u0440\u0443\u0447\u043a\u0430\u043c /res, /update, /.well-known/acme-challenge. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 path traversal \u043a \u044d\u0442\u0438\u043c \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u0430\u043c, \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 /res/../admin/diagnostic.jsp \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e. \u0410 /res/../app/https/settings/uploadCertificate \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c tls \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 https \u043f\u043e\u0440\u0442 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 /res/../app/https/settings/setPort. \n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0440\u0443\u0447\u0435\u043a \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0430\u0432\u0442\u043e\u0440\u043e\u0432.\n\n\u2699\ufe0f POC: https://github.com/yoryio/CVE-2024-27198, \u043c\u043e\u0434\u0443\u043b\u044c metasploit https://github.com/rapid7/metasploit-framework/pull/18922\n\ud83d\udd0e Sigma \u043f\u0440\u0430\u0432\u0438\u043b\u0430: https://github.com/rapid7/Rapid7-Labs/blob/main/Sigma/path_traversal_attacks_CVE_2024_27199.yml\n\ud83e\udeb2 \u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e: TeamCity \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\u2705 \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4\n\n#TeamCity #RCE #CVE-2024-27198", "creation_timestamp": "2024-03-25T19:29:32.000000Z"}, {"uuid": "15158ccc-e6ec-4391-b4c3-084335e56743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/arpsyndicate/4127", "content": "#ExploitObserverAlert\n\nPD/http/cves/2024/CVE-2024-27199\n\nDESCRIPTION: Exploit Observer has 9 entries in 6 file formats related to PD/http/cves/2024/CVE-2024-27199. In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible", "creation_timestamp": "2024-03-07T08:28:34.000000Z"}, {"uuid": "43581ec2-9cce-453d-b239-fc69642b97d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2017", "content": "CVE-2024-27199 TeamCity server\n*\nCVE \u043e\u0431\u043b\u0435\u0433\u0447\u0430\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432 \u043e\u0431\u0445\u043e\u0434 \u043e\u0448\u0438\u0431\u043e\u043a 403 \u0432 \u0434\u043e\u043c\u0435\u043d\u0435.\n*\nusage:\npython RCity.py -t http://teamcity.com:8111 --verbose\n*\nExploit\n\n#teamcity", "creation_timestamp": "2024-04-23T14:40:46.000000Z"}, {"uuid": "bc2f436e-ef8b-45d9-91a5-8fad9e4c3e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/lordofficials2/2369", "content": "\ud83d\udc49CVE-2024-27198 & CVE-2024-27199 : JetBrains TeamCity < 2023.11.4\u00a0 - Authentication Bypass To Remote Code Execution\nPOC : https://github.com/W01fh4cker/CVE-2024-27198-RCE", "creation_timestamp": "2024-08-16T12:43:48.000000Z"}, {"uuid": "290802bd-7df4-4098-b469-c954f2b536ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/KomunitiSiber/1583", "content": "Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers\nhttps://thehackernews.com/2024/03/critical-jetbrains-teamcity-on-premises.html\n\nA new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.\nThe flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.\n\u201cThe", "creation_timestamp": "2024-03-05T04:46:50.000000Z"}, {"uuid": "06bb8895-c683-4bb2-8df4-3d9695ec0a0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3952", "content": "CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198\n\nhttps://github.com/rapid7/metasploit-framework/pull/18922\n\nCyberspace Mapping Dork:\nFofa\napp=\"JET_BRAINS-TeamCity\"\n\nZoomEye\napp:\"JetBrains TeamCity\"\n\nHunter.how\nproduct.name=\"TeamCity\"\n\nShodan\nhttp.component:\"teamcity\"\n\nRead research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-09T05:14:44.000000Z"}, {"uuid": "4dba8498-6a4b-4203-b1d8-2fc9b2a92f30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "Telegram/trGEwAn-mXHp7pkuxQfko9XPGzwWF72duLSxcOH5noXyFw", "content": "", "creation_timestamp": "2024-03-05T05:02:25.000000Z"}, {"uuid": "e8f74d77-d6d7-42a8-879a-cf8dd29b6432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "Telegram/nI_HHfqlj-sEWky76mAClMkij5981NJZBkB3IA4Y0jELJ_s", "content": "", "creation_timestamp": "2024-04-19T20:48:56.000000Z"}, {"uuid": "3a69561b-5df5-4074-9c93-4a520f118b43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/cybersecs/2761", "content": "#CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> #RCE in #JetBrains #TeamCity #exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198", "creation_timestamp": "2024-03-10T23:09:13.000000Z"}, {"uuid": "b6606aac-99bb-4738-96eb-12ef5af658f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "Telegram/dmlUdttQQSrR0yBitHq7STX6jC2WOzDEVKbtIZ7c9hv8Toc", "content": "", "creation_timestamp": "2024-03-31T08:03:11.000000Z"}, {"uuid": "da881d7c-f915-48a5-aee4-01d5373557dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5611", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u042d\u0432\u0430\u043d \u0418\u043a\u0435\u0434\u0430 \u0443\u043c\u0435\u043b\u043e \u0440\u0430\u0441\u0447\u0435\u0445\u043b\u0438\u043b \u0432\u0435\u0431-\u043f\u0430\u043d\u0435\u043b\u044c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f Jasmin (\u0432\u0435\u0440\u0441\u0438\u0438 1.1\u00a0), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432 \u0432 \u043d\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u043f\u0435\u0440\u0435\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-30851 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0434\u0435\u0430\u043d\u043e\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043f\u0430\u043d\u0435\u043b\u0438 \u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u044c \u043a\u043b\u044e\u0447\u0438 \u0434\u0435\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0447\u0442\u043e \u0431\u044b\u043b\u043e \u0432\u0435\u0441\u044c\u043c\u0430 \u043a\u0441\u0442\u0430\u0442\u0438 \u0434\u043b\u044f \u0436\u0435\u0440\u0442\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 ransomware-\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 TeamCity (CVE-2024-27198, CVE-2024-27199).\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043d\u0430 github, \u0433\u0434\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u0442\u0430\u043a\u0436\u0435 CVE-2024-30850, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0434\u0440\u0443\u0433\u0443\u044e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u0443\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u041f\u041e Chaos RAT.\n\n\u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0438\u043c\u0435\u0435\u0442 2,2 \u0442\u044b\u0441\u044f\u0447\u0438 \u0437\u0432\u0435\u0437\u0434 \u043d\u0430 github \u0438 \u043f\u043e\u043f\u0430\u0434\u0430\u043b \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f TrendMicro \u0432 \u043a\u043e\u043d\u0446\u0435 2022 \u0433\u043e\u0434\u0430 \u0432 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445 \u043f\u043e \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0443.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442 \u0418\u043a\u0435\u0434\u0430, \u043a\u043e\u043c\u0431\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c XSS+RCE \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Chaos RAT \u0438 \u0440\u0438\u043a\u0440\u043e\u043b\u043b\u0438\u043d\u0433\u0430 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432 RAT-\u043f\u0430\u043d\u0435\u043b\u0435\u0439. PoC \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d.\n\n\u041e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u041f\u041e \u0443\u0436\u0435 \u043f\u043e\u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u0438\u043b\u0438 \u0441\u043e\u0437\u043d\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0437\u0430 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f 2 \u043d\u0435\u0434\u0435\u043b\u0438 \u043d\u0430\u0437\u0430\u0434 (\u0448\u0443\u0442\u043a\u0430).", "creation_timestamp": "2024-04-08T15:48:19.000000Z"}, {"uuid": "0572266f-a2f0-49af-b8bc-08e4bd6ea5d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "https://t.me/true_secator/5550", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Trend Micro \u0437\u0430\u0431\u0438\u043b\u0438 \u0442\u0440\u0435\u0432\u043e\u0433\u0443, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432, \u043a\u0430\u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 JetBrains TeamCity \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e. \n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e CVE-2024-27198 (CVSS 9.8) \u0438 CVE-2024-27199 (CVSS 7.3), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0430\u0434\u043c\u0438\u043d\u0441\u043a\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c.\n\n\u041f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0437 Rapid7 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u0440\u0442\u0430, \u0438\u0445 \u043f\u043e\u0447\u0442\u0438 \u0441\u0440\u0430\u0437\u0443 \u0432\u0437\u044f\u043b\u0438 \u043d\u0430 \u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u044b \u0443\u0433\u0440\u043e\u0437, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0430\u043c\u0438 ransomware BianLian \u0438 Jasmin, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043c\u0430\u0439\u043d\u0435\u0440\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b XMRig \u0438 Spark RAT.\n\n\u0415\u0449\u0435 \u0440\u0430\u0437 \u043d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0447\u0442\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435 \u043c\u0435\u0434\u043b\u0438\u0442\u044c \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u043e\u0444\u0442\u0430, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 TeamCity On-Premises \u0434\u043e 2023.11.3 \u0438 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4.\n\n\u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0435\u0449\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u043b\u0430\u0433\u0438\u043d \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0442\u0435\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0421 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 PoC \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043a\u0440\u0430\u0442\u043d\u043e \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u043b\u0430\u0441\u044c \u0438 \u0434\u0430\u0436\u0435 CISA \u0432 \u0442\u0435\u043c\u043f\u0435 \u0432\u0430\u043b\u044c\u0441\u0430 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 CVE-2024-27198 \u0432 \u0441\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.", "creation_timestamp": "2024-03-21T17:20:06.000000Z"}, {"uuid": "71f07016-c967-485e-b05e-84ce93065634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/thehackernews/4634", "content": "Critical TeamCity software flaws leave CI/CD servers open to complete takeover. \n \nRead more about CVE-2024-27198, CVE-2024-27199 and update your systems now \u2192 https://thehackernews.com/2024/03/critical-jetbrains-teamcity-on-premises.html", "creation_timestamp": "2024-03-05T06:04:34.000000Z"}, {"uuid": "1bcb0114-b600-4197-b68c-762e07974a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/ctinow/199405", "content": "https://ift.tt/OcEbg4P\nCritical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)", "creation_timestamp": "2024-03-04T17:52:32.000000Z"}, {"uuid": "8437476e-41a9-4296-b8d5-b6a4528f03ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5486", "content": "\u0411\u0443\u0440\u044e \u043d\u0435\u0433\u043e\u0434\u043e\u0432\u0430\u043d\u0438\u0439 \u0438 \u043a\u0440\u0438\u0442\u0438\u043a\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 JetBrains \u043e\u0442 \u0438\u043d\u0444\u043e\u0441\u0435\u043a-\u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0430 \u0437\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u043d\u0435\u0441\u043a\u043e\u043e\u0440\u0434\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 TeamCity, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u043c \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Rapid7 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u041e\u0431\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c TeamCity On-Premises CI/CD \u0438 \u0432\u043b\u0438\u044f\u044e\u0442 \u043d\u0430 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a \u0434\u043e 2023.11.3.\n\n\u0421\u0430\u043c\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0430\u044f \u0438\u0437 \u043d\u0438\u0445 - CVE-2024-27198 (CVSS 9,8), \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0441 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438.\n\n\u041a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 TeamCity \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0432\u0441\u0435\u043c\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438, \u0441\u0431\u043e\u0440\u043a\u0430\u043c\u0438, \u0430\u0433\u0435\u043d\u0442\u0430\u043c\u0438 \u0438 \u0430\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u0430\u043c\u0438 \u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0434\u0445\u043e\u0434\u044f\u0449\u0438\u043c \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n \n\u0414\u0440\u0443\u0433\u0430\u044f CVE-2024-27199 (CVSS 7.3), \u0445\u043e\u0442\u044f \u0438 \u043c\u0435\u043d\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f, - \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0432 \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 TeamCity, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0438 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u0436\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0442\u0438\u043f\u0430 DoS \u0438\u043b\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u043d\u0438\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u0438\u0445 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c MiTM.\n\nJetBrains \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043d\u043e\u0432\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e TeamCity 2023.11.4, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0432 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u0437\u0436\u0435 \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u043c\u00a0\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 \u0443 \u0441\u0435\u0431\u044f \u0432 \u0431\u043b\u043e\u0433\u0435\u00a0\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u0441\u0435 \u0436\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Rapid7 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u043e\u0437\u0434\u0430\u0432 PoC, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435 (\u0441\u0435\u0430\u043d\u0441 Meterpreter) \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 TeamCity.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Rapid7 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043f\u043e\u043b\u043d\u043e\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u043e\u044f\u0441\u043d\u0435\u043d\u0438\u0435 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0447\u0438\u043d \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u043f\u0438\u0441\u0430\u0432, \u043a\u0430\u043a \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u043e\u0433\u043e \u0442\u043e\u043a\u0435\u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2023.11.4.\n\n\u0415\u0441\u043b\u0438 \u044d\u0442\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043f\u043b\u0430\u0433\u0438\u043d \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f\u00a0TeamCity 2018.2 \u0438 \u043d\u043e\u0432\u0435\u0435, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f TeamCity 2018.1 \u0438 \u0441\u0442\u0430\u0440\u0448\u0435.\n\n\u041f\u043e\u043a\u0430 \u0436\u0435 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u0442\u0441\u044f, \u043d\u043e \u044d\u0442\u043e \u043b\u0438\u0448\u044c \u0434\u0435\u043b\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438. \u0411\u0435\u0437\u0443\u0441\u043b\u043e\u0432\u043d\u043e, \u0445\u0430\u043a\u0435\u0440\u044b \u043d\u0435 \u0443\u043f\u0443\u0441\u0442\u044f\u0442 \u0438\u0437 \u0432\u0438\u0434\u0443 \u0442\u0430\u043a\u0443\u044e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a (\u043c\u0443\u0434\u0430\u043a\u043e\u0432).", "creation_timestamp": "2024-03-05T10:46:12.000000Z"}, {"uuid": "73dcbab2-e2bc-4659-af20-ab170d93ba40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "https://t.me/true_secator/5511", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 TeamCity JetBrains \u0442\u0435\u043f\u0435\u0440\u044c \u0432 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0435 ransomware-\u0431\u0430\u043d\u0434.\n\n\u041a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b, \u0437\u0430 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u0441\u0442\u043e\u044f\u043b\u0438 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b BianLian, \u0443\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0441\u0432\u043e\u0438\u043c\u0438 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u041a\u0418\u0418.\n\n\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 CVE-2024-27198 \u0438 CVE-2024-27199 \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c. \n\n\u0412\u0441\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0431\u044b \u043e\u0431\u043e\u0448\u043b\u043e\u0441\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0432 JetBrains \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0438 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 4 \u043c\u0430\u0440\u0442\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Rapid7 \u043f\u0440\u043e\u0438\u0437\u0432\u0435\u043b\u0438 \u0432\u044b\u0441\u0442\u0440\u0435\u043b \u0432 \u0441\u043f\u0438\u043d\u0443 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0434\u0435\u0442\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043b\u0438\u0448\u043a\u043e\u043c \u0440\u0430\u043d\u043e, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u0438\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438.\n\n\u0426\u0435\u043f\u043e\u0447\u043a\u0430 \u0430\u0442\u0430\u043a, \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0432 \u0441\u0435\u0431\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430 TeamCity \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2024-27198 \u0438\u043b\u0438 CVE-2023-42793 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0440\u0435\u0434\u0435 \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435\u043c \u043d\u043e\u0432\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441\u0431\u043e\u0440\u043a\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u044f\u0441\u043d\u043e, \u043a\u0430\u043a\u043e\u0439 \u0438\u0437 \u0434\u0432\u0443\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b  \u0434\u043b\u044f \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f, \u043d\u043e \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 CVE-2024-27198 \u0431\u044b\u043b\u043e \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043e 6 \u043c\u0430\u0440\u0442\u0430 \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u043e, \u043a\u0430\u043a \u0440\u0430\u0437 \u0442\u0430\u043a\u0438, \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u0432 \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 PowerShell-\u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 Go \u043e\u0442 BianLian.\n\n\u0418\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 BianLian \u0432\u043d\u0435\u0434\u0440\u044f\u044e\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 Go \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u0434\u0430\u043b\u044f\u044e\u0442 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u0441\u0442\u043e\u043b\u0430, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a AnyDesk, Atera, SplashTop \u0438 TeamViewer.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f Microsoft \u043a\u0430\u043a BianDoor.\n\nJetBrains \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b \u0443\u0441\u043f\u0435\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e \u043d\u0430\u0447\u0430\u043b\u0430 \u0430\u0442\u0430\u043a, \u043d\u043e \u0443\u0432\u044b \u043d\u0435 \u0432\u0441\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u044d\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0432\u043e\u0432\u0440\u0435\u043c\u044f, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c ransomware-\u0430\u0442\u0430\u043a\u0430\u043c \u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u043c \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 DDoS.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043e\u0431\u0432\u0438\u043d\u0438\u043b Rapid7 \u0432 \u043f\u0440\u0435\u0436\u0434\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u043c \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043d\u043e \u0434\u043e\u0439\u0434\u0443\u0442 \u043b\u0438 \u0440\u0430\u0437\u0431\u043e\u0440\u043a\u0438 \u0434\u043e \u0447\u0435\u0433\u043e-\u0442\u043e \u0431\u043e\u043b\u044c\u0448\u0435\u0433\u043e, \u0447\u0435\u043c \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0435 \u0440\u0430\u0441\u043f\u0440\u0438 \u0438\u043b\u0438 \u043a\u0430\u043a \u0432\u0441\u0435\u0433\u0434\u0430: \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u043f\u0430\u0441\u0435\u043d\u0438\u044f \u0443\u0442\u043e\u043f\u0430\u044e\u0449\u0438\u0445, \u0431\u0443\u0434\u0443\u0442 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0430\u043c\u0438\u0445 \u0443\u0442\u043e\u043f\u0430\u044e\u0449\u0438\u0445, \u0430 \u043a\u043b\u0438\u0435\u043d\u0442 \u0438\u0442\u0430\u043a \u0432\u0441\u0435 \u0441\u0442\u0435\u0440\u043f\u0438\u0442.", "creation_timestamp": "2024-03-12T16:02:32.000000Z"}, {"uuid": "b0881552-7033-473a-9c43-d3d1cf298952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/ctinow/200720", "content": "https://ift.tt/9HubZB3\nCVE-2024-27199 | JetBrains TeamCity prior 2023.11.4 path traversal", "creation_timestamp": "2024-03-05T21:32:19.000000Z"}, {"uuid": "d057c5fc-e28a-403e-a437-d962fa2203d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-30)", "content": "", "creation_timestamp": "2026-04-30T00:00:00.000000Z"}, {"uuid": "3fa9972e-8f5b-4db9-9929-4127938d6c1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/redscriptfreelog/6986", "content": "CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit\n\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n\nhttps://github.com/Chocapikk/CVE-2024-27198\n\nhttps://github.com/rapid7/metasploit-framework/pull/18922\n\nCyberspace Mapping Dork:\nFofa\napp=\"JET_BRAINS-TeamCity\"\n\nZoomEye\napp:\"JetBrains TeamCity\"\n\nHunter.how\nproduct.name=\"TeamCity\"\n\nShodan\nhttp.component:\"teamcity\"\n\nRead research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-28T05:55:07.000000Z"}, {"uuid": "6a561993-2674-4ac5-a92f-46491bbb2482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10102", "content": "#exploit\n1. CVE-2024-27198,\nCVE-2024-27199:\nAuth Bypass -> RCE in JetBrains TeamCity\nhttps://github.com/W01fh4cker/CVE-2024-27198-RCE\n]-> https://github.com/Chocapikk/CVE-2024-27198\n\n2. CVE-2024-1929, CVE-2024-1930:\nLocal root Exploit/DoS in dnf5 D-Bus Components\nhttps://www.openwall.com/lists/oss-security/2024/03/04/2", "creation_timestamp": "2024-03-07T11:01:01.000000Z"}, {"uuid": "a0682574-b76e-41f8-bfbc-430b557799f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-04)", "content": "", "creation_timestamp": "2026-05-04T00:00:00.000000Z"}, {"uuid": "7d29fccf-b8ab-49ce-a840-62a81adb0ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/6429", "content": "CVE-2024-27198 & CVE-2024-27199 AUTHENTICATION BYPASS\nRce in jetbrains teamcity exploit \n\nGithub\n\nGithub\n\n#exploit #Cve #Bypass\n\u2014\u2014\u2014\u2014\u2014\u2014\u200c\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2024-03-31T15:37:36.000000Z"}, {"uuid": "95693b21-65ee-428f-9b00-6a965e0b8a19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "seen", "source": "https://t.me/LearnExploit/6446", "content": "TeamCity \nCVE-2024-27198 & CVE-2024-27199 TeamCity Authentication Bypass\n\nLearnBox:\n1_Exploits\n2_Video\n\n#CVE #Bug #Authentication #Bypass\n\u2796\u2796\u2796\u2796\u2796\u2796\u2796\n\ud83d\udce3 T.me/LearnExploit\n\ud83d\udce3 T.me/BugCod3", "creation_timestamp": "2024-04-04T17:58:15.000000Z"}, {"uuid": "3f8a1297-d238-4b2f-90ea-dca7d2a8fcb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27199", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-05)", "content": "", "creation_timestamp": "2026-05-05T00:00:00.000000Z"}]}