Log In
Request Demo Start 30-Day Trial
Back to CVEs
CVE CVE

CVE-2024-27198

CISA Known Exploited Vulnerability (KEV)

JetBrains TeamCity Authentication Bypass Vulnerability

March 7, 2024

March 28, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

References

Weakness Enumeration

CWE-ID CWE Name

CWE-288 		Authentication Bypass Using an Alternate Path or Channel

Known Affected Software Configurations


cpe:2.3:a:jetbrains:teamcity:2023.11:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2023.11.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2023.11.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2024.03:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:-:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2023.11.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2023.11.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2023.05.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.04.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.10.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.10.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.04.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.10.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.04.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.04.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.1.7:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.1.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.1.6:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.1.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.0.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.0.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.0.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.0.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2023.05:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.10.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.10:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2021.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.04.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2022.04:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.2.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.2.85695:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.2.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.2.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.1.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.1.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.1.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.1.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.1.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2020.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.2.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.2.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.2.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.2.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.2.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.1.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.1.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.1.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.1.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:10.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:9.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:8.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:7.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:7.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:6.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:6.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:5.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:5.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:4.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:4.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:3.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:3.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2.0:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.1.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.1:rc:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2019.1:-:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.2.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.2.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.2.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.2.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.2:rc:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.2:-:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.1.5:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.1.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.1.3:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.1.2:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.1.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.1:rc:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2018.1:-:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2017.2.4:*:*:*:*:*:*:*

cpe:2.3:a:jetbrains:teamcity:2017.2.3:*:*:*:*:*:*:*

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
9.8
Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined