On 3 March 2024, JetBrains published a blog post describing two authentication bypass vulnerabilities affecting the On-Premises Servers of TeamCity. An unauthenticated threat actor with HTTP(S) access to a TeamCity Server can exploit these vulnerabilities to bypass authentication and gain administrative control of a TeamCity Server.
CVE-2024-27198 (CVSS 9.8): Alternative path issue in the web component of TeamCity that can lead to remote code execution (RCE).
CVE-2024-27199 (CVSS 7.3): Path traversal issue in the web component of TeamCity that can lead to information disclosure and certain system modifications such as replacing the HTTPS certificate of a vulnerable TeamCity server with a certificate a threat actor chooses.
TeamCity is a continuous integration/continuous deployment (CI/CD) software platform for automating and managing the development of software. At this time, Arctic Wolf has not identified any active exploitation of this vulnerability or Proof-of-Concept (PoC) exploits. However, in late 2023, Russian Foreign Intelligence Service (SVR) affiliated threat actors exploited a similar authentication bypass vulnerability (CVE-2023-42793) to target TeamCity servers. Considering the potential for various malicious actions upon exploitation, coupled with recent activity of TeamCity servers being targeted, Arctic Wolf anticipates that threat actors will focus on targeting these vulnerabilities in the near future.
Recommendation for 2024-27198 and CVE-2024-27199
Upgrade JetBrains TeamCity On-Premises to 2023.11.4
Arctic Wolf strongly recommends upgrading TeamCity On-Premises to 2023.11.4.
Product | Affected Version | Fixed Version |
TeamCity On-Premises | 2023.11.3 and before | 2023.11.4 |
Note: JetBrains has stated that all TeamCity Cloud servers have been patched.
Please follow your organization’s patching and testing guidelines to avoid operational impact.
Workaround (Optional)
For users who are unable to upgrade their server to version 2023.11.4, JetBrains has provided a security patch plugin that can be used to patch your environment. The patch plugins can be downloaded below for your respective version of TeamCity:
Downloads |
TeamCity 2018.2 and newer, TeamCity 2018.1 and older |