.. / CVE-2024-27199

Exploit for TeamCity < 2023.11.4 - Authentication Bypass (CVE-2024-27199)

Description:

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

Nuclei Template

View the template here CVE-2024-27199.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-27199.yaml
Copy

References:

https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
https://nvd.nist.gov/vuln/detail/CVE-2024-27199