JetBrains TeamCity Security Update Advisory (CVE-2024-27198, CVE-2024-27199)

Overview

 

An update has been made available to address a vulnerability in the JetBrains TeamCity product. users of affected versions are advised to update to the latest version.

 

Affected Products

 

Cve-2024-27198, cve-2024-27199

• JetBrains TeamCity prior to 2023.11.4 

 

Resolved Vulnerabilities

 

Authentication bypass vulnerability in JetBrains TeamCity that allows administrator actions to be performed (CVE-2024-27198)

Path traversal vulnerability that allows limited administrator actions to be performed in JetBrains TeamCity (CVE-2024-27199)

 

Vulnerability Patches

 

vulnerability Patches were made available in the March 4, 2024 update. Please follow the Referenced Sites to update to the latest Vulnerability Patches version.

Cve-2024-27198, cve-2024-27199

• JetBrains TeamCity 2023.11.4

 

Referenced Sites

 

[1] Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now
https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
[2] CVE-2024-27198 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-27198
[3] CVE-2024-27199 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-27199