CVE-2024-27199
JetBrains TeamCity Relative Path Traversal Vulnerability - [Actively Exploited]
Description
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
INFO
Published Date :
March 4, 2024, 6:15 p.m.
Last Modified :
April 21, 2026, 12:48 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known Detected Apr 22, 2026
https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Upgrade to JetBrains TeamCity version 2023.11.4 or later.
Public PoC/Exploit Available at Github
CVE-2024-27199 has a 24 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-27199.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-27199 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-27199
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Breach intelligence notes: structured YAML records of breach reports, advisories, and cyber incidents
Go Just HTML HCL CSS JavaScript Go Template Python Shell
Security Tracker
Python
Try Hack Me Write Up
None
Makefile C Ruby
A writeup for the Brains room on TryHackMe.
None
None
Python Dockerfile
Notes and Commands to remember for the OSCP Certification exam.
PoC about CVE-2024-27198
Python
CVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information #RCE #python3
Python
CVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information
code-injection cve cve-2024-27199 jetbrains owasp python python3 rce teamcity cve-2024-27198
Python
None
Jasmin ransomware web panel path traversal PoC
Python
Em fevereiro de 2024, foi identificado duas novas vulnerabilidades que afetam o servidor JetBrains TeamCity (CVE-2024-27198 e CVE-2024-27199)
None
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-27199 vulnerability anywhere in the article.
-
TheCyberThrone
CISA Adds Eight Actively Exploited Vulnerabilities to KEV Catalog
CISA expanded its Known Exploited Vulnerabilities (KEV) catalog on April 20, 2026, adding eight security flaws spanning enterprise print management, CI/CD platforms, CMS infrastructure, appliance mana ... Read more
-
Daily CyberSecurity
MOVEit WAF Critical Alert: Multi-Level RCE and WAF Bypass Vulnerabilities Disclosed
Progress Software has released a critical security bulletin for April 2026, revealing five high-impact vulnerabilities affecting MOVEit WAF and related Application Delivery Controller (ADC) products. ... Read more
-
Help Net Security
CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)
CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco has yet to flag as exploi ... Read more
-
Daily CyberSecurity
Nexcorium Botnet Turns Unpatched DVRs into DDoS Foot Soldiers
Security researchers at FortiGuard Labs have uncovered a sophisticated campaign deploying Nexcorium, a multi-architecture Mirai variant that turns unpatched digital video recorders (DVRs) into foot so ... Read more
-
The Cyber Express
CISA Adds 8 Exploited Vulnerabilities Affecting Cisco, Zimbra, TeamCity
The Cybersecurity and Infrastructure Security Agency (CISA) have expanded its Known Exploited Vulnerabilities, commonly referred to as the KEV catalog, with eight newly identified security flaws that ... Read more
-
The Hacker News
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco C ... Read more
-
Daily CyberSecurity
CISA Warns of Active Exploitation in Cisco, PaperCut, and Zimbra
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding eight high-impact flaws. The update comes following confirmed evidenc ... Read more
-
Daily CyberSecurity
Progress Kemp LoadMaster Alert: Multiple RCE and WAF Bypass Flaws Patched
The Progress Kemp LoadMaster team has confirmed a significant security event involving five high-severity vulnerabilities affecting its application delivery controllers. These flaws, which impact both ... Read more
-
Daily CyberSecurity
ASUSTOR Issues Critical Patch: Command Injection Vulnerability Threatens ADM Users
ASUSTOR has issued an urgent security advisory regarding a high-severity command injection vulnerability impacting its ASUSTOR Data Master (ADM) operating system. Identified as CVE-2026-6644, this fla ... Read more
-
Daily CyberSecurity
ZionSiphon: The “Defanged” Malware Aiming for the Water Supply
A new and highly specialized malware threat has emerged in the industrial cybersecurity landscape, signaling a targeted effort to disrupt critical infrastructure. Security researchers from Darktrace r ... Read more
-
The Hacker News
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and ... Read more
-
The Hacker News
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
Vulnerability / Threat Intelligence The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attack ... Read more
-
Darktrace
Introducing ‘Defend Beyond’: Our promise to customers in the face of evolving threats
The rise in vulnerability exploitationIn recent years, threat actors have increasingly been observed exploiting endpoints and services associated with critical vulnerabilities almost immediately after ... Read more
-
Darktrace
Race Against Time: Detecting JetBrains’ TeamCity Exploitation Activity with Darktrace
Darktrace observed the rapid exploitation of a critical vulnerability in JetBrains TeamCity (CVE-2024-27198) shortly following its public disclosure. Learn how the need for speedy detection serves to ... Read more
-
Trend Micro
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
On March 4, 2024, JetBrains disclosed two critical vulnerabilities — CVE-2024-27198 and CVE-2024-27199 — within the TeamCity On-Premises platform that allow attackers to bypass authentication measures ... Read more
The following table lists the changes that have been made to the
CVE-2024-27199 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Apr. 21, 2026
Action Type Old Value New Value Added Reference Type CISA-ADP: https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py Types: Exploit Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Apr. 20, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
May. 30, 2025
Action Type Old Value New Value Added Reference https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py -
Initial Analysis by [email protected]
Dec. 16, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Added CWE NIST CWE-22 Added CPE Configuration OR *cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:* versions up to (excluding) 2023.11.4 Changed Reference Type https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive No Types Assigned https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive Press/Media Coverage Changed Reference Type https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive No Types Assigned https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive Press/Media Coverage Changed Reference Type https://www.jetbrains.com/privacy-security/issues-fixed/ No Types Assigned https://www.jetbrains.com/privacy-security/issues-fixed/ Vendor Advisory Changed Reference Type https://www.jetbrains.com/privacy-security/issues-fixed/ No Types Assigned https://www.jetbrains.com/privacy-security/issues-fixed/ Vendor Advisory -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive Added Reference https://www.jetbrains.com/privacy-security/issues-fixed/ -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Mar. 11, 2024
Action Type Old Value New Value Added Reference JetBrains s.r.o. https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive [No types assigned] -
CVE Received by [email protected]
Mar. 04, 2024
Action Type Old Value New Value Added Description In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible Added Reference JetBrains s.r.o. https://www.jetbrains.com/privacy-security/issues-fixed/ [No types assigned] Added CWE JetBrains s.r.o. CWE-23 Added CVSS V3.1 JetBrains s.r.o. AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L