CVE-2024-27198: JetBrains TeamCity Auth Bypass

Score: 9.8
CRITICAL
Published: 2024-03-04Affected: JetBrains TeamCity < 2023.11.4CWE-288 β†—

What is the TeamCity authentication bypass?

Authentication bypass in JetBrains TeamCity enabling unauthenticated remote attackers to take complete control of the CI/CD server. Attackers can create admin accounts and execute arbitrary code on the build server.

Impact & Exploitation

Exploited by Russian APT29 (Cozy Bear). Enables supply chain attacks through CI/CD pipeline compromise. Access to build servers exposes source code, secrets, and deployment credentials.

Related Resources

πŸ›‘οΈ Notable Vulnerabilities

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS9.8
SeverityCRITICAL
CWECWE-288
Published2024-03-04

Tags

ci-cdauth-bypassaptsupply-chain

Quick Links

Is your system affected?

Precogs AI detects JetBrains TeamCity Auth Bypass in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2024-27198 JetBrains TeamCity Auth Bypass don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo