CVE-2024-27198 and CVE-2024-27199: Authentication Bypass RCE Vulnerabilities Affecting On-Premises Servers of TeamCity


On 3 March 2024, JetBrains published a blog post describing two authentication bypass vulnerabilities affecting the On-Premises Servers of TeamCity. An unauthenticated threat actor with HTTP(S) access to a TeamCity Server can exploit these vulnerabilities to bypass authentication and gain administrative control of a TeamCity Server. 

CVE-2024-27198 (CVSS 9.8): Alternative path issue in the web component of TeamCity that can lead to remote code execution (RCE). 

CVE-2024-27199 (CVSS 7.3): Path traversal issue in the web component of TeamCity that can lead to information disclosure and certain system modifications such as replacing the HTTPS certificate of a vulnerable TeamCity server with a certificate a threat actor chooses. 

TeamCity is a continuous integration/continuous deployment (CI/CD) software platform for automating and managing the development of software. At this time, Arctic Wolf has not identified any active exploitation of these vulnerabilities or Proof-of-Concept (PoC) exploits. However, in late 2023, Russian Foreign Intelligence Service (SVR) affiliated threat actors exploited a similar authentication bypass vulnerability (CVE-2023-42793) to target TeamCity servers. Considering the range of malicious actions possible after exploitation, coupled with the recent targeting of TeamCity servers, Arctic Wolf anticipates that threat actors will focus on these vulnerabilities in the near future.

Recommendation for CVE-2024-27198 and CVE-2024-27199

Upgrade JetBrains TeamCity On-Premises to 2023.11.4

Arctic Wolf strongly recommends upgrading TeamCity On-Premises to 2023.11.4. 

| Product | Affected Version | Fixed Version |
|---|---|---|
| TeamCity On-Premises | 2023.11.3 and before | 2023.11.4 |

 

Note: JetBrains has stated that all TeamCity Cloud servers have been patched. 

Please follow your organization’s patching and testing guidelines to avoid operational impact. 

Workaround (Optional)

For users who are unable to upgrade their server to version 2023.11.4, JetBrains has provided a security patch plugin that can be used to patch your environment. The patch plugins can be downloaded below for your respective version of TeamCity: 

Downloads 
TeamCity 2018.2 and newer, TeamCity 2018.1 and older 
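
To apply the table and the workaround split across a fleet, the following added example (not code from JetBrains or Arctic Wolf) triages reported server versions into fixed, affected, or unknown, and names which patch plugin download applies if an upgrade is not possible. The hostnames, build numbers and version-string format in the inventory are constructed, and treating releases later than 2023.11.4 as fixed is an assumption.

```python
import re

FIXED = (2023, 11, 4)      # "Fixed Version" in the advisory table
PLUGIN_SPLIT = (2018, 2)   # plugin downloads: "2018.2 and newer" / "2018.1 and older"

def parse_version(text):
    """Extract the first dotted version, ignoring product name and build suffix."""
    m = re.search(r"\d+\.\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))

def _lt(a, b):
    """Compare versions of unequal length by zero-padding (2023.11 == 2023.11.0)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def triage(version_text):
    """Return (status, patch_plugin_download) for one On-Premises server."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return ("unknown", None)   # never report an unparsed host as safe
    if not _lt(version, FIXED):
        return ("fixed", None)     # assumption: releases after 2023.11.4 carry the fix
    plugin = "2018.1 and older" if _lt(version, PLUGIN_SPLIT) else "2018.2 and newer"
    return ("affected", plugin)

# Constructed inventory: hostnames, build numbers and string format are made up.
INVENTORY = {
    "ci-01.example.internal": "TeamCity Professional 2023.11.3 (build 100001)",
    "ci-02.example.internal": "TeamCity Enterprise 2023.11.4 (build 100002)",
    "ci-legacy.example.internal": "2018.1.5",
    "ci-lab.example.internal": "version not reported",
}

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(text) for host, text in inventory.items()}

if __name__ == "__main__":
    for host, (status, plugin) in sorted(report(INVENTORY).items()):
        action = {"fixed": "no action",
                  "unknown": "check version manually",
                  "affected": f"upgrade to 2023.11.4, or apply patch plugin for {plugin}"}[status]
        print(f"{host:30} {status:9} {action}")
```

Hosts reported as unknown should be checked by hand rather than assumed patched.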

References 

  1. TeamCity Blog Post 
  2. Rapid 7 Technical Blog Post 
  3. CISA Advisory (CVE-2023-42793 Exploitation) 

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.