What is CVE-2024-27198?

An authentication bypass vulnerability in JetBrains TeamCity allows unauthenticated attackers to gain admin access and execute arbitrary code on the server via the web UI.

How do I fix CVE-2024-27198?

Update TeamCity to 2023.11.4 or later immediately. Restrict TeamCity web UI access to trusted IP ranges only. Audit TeamCity user accounts and remove any unauthorized admin accounts. Rotate all credentials, tokens, and VCS passwords stored in TeamCity. Review build logs for signs of exploitation (unauthorized builds, new admin accounts). Enable TeamCity audit logs and set up alerts for admin account creation.

Which versions are affected by CVE-2024-27198?

Affected: TeamCity < 2023.11.4. Fixed in: TeamCity 2023.11.4+.

criticalCVSS 10/10·Published: 2024-03-04·JetBrains TeamCity

How to fix CVE-2024-27198 – Step-by-Step Guide

CVE-2024-27198 is a critical authentication bypass vulnerability in JetBrains TeamCity, rated CVSS 10.0. It allows unauthenticated attackers to gain administrative access and execute arbitrary code on affected servers. This poses a severe risk to CI/CD pipelines.

CVE ID

CVE-2024-27198

Severity

CRITICAL

CVSS Score

10/10

Affected

JetBrains TeamCity

What is JetBrains TeamCity Authentication Bypass?

This vulnerability, CVE-2024-27198, specifically impacts JetBrains TeamCity versions prior to 2023.11.4. It's an authentication bypass flaw in the web UI that allows unauthenticated users to create new admin accounts. This grants them full administrative control over the TeamCity instance, bypassing all security measures.

Affected Versions

TeamCity < 2023.11.4

Fixed In

TeamCity 2023.11.4+

Official References

Impact and Risks for your Infrastructure

The impact of CVE-2024-27198 is a complete server takeover. Attackers can execute arbitrary code, access sensitive source code repositories, and exfiltrate secrets like API keys or credentials. This leads to severe data breaches, supply chain attacks, and potential operational disruption.

teamcityauth-bypasscriticalci-cd2024

Step-by-Step Mitigation Guide

To mitigate CVE-2024-27198, immediately upgrade your JetBrains TeamCity instance to version 2023.11.4 or newer. Verify the upgrade by checking the TeamCity server version in the administration panel. Ensure all instances are updated to prevent unauthenticated access and maintain CI/CD integrity.

1Update TeamCity to 2023.11.4 or later immediately.
2Restrict TeamCity web UI access to trusted IP ranges only.
3Audit TeamCity user accounts and remove any unauthorized admin accounts.
4Rotate all credentials, tokens, and VCS passwords stored in TeamCity.
5Review build logs for signs of exploitation (unauthorized builds, new admin accounts).
6Enable TeamCity audit logs and set up alerts for admin account creation.

Frequently Asked Questions

What is the CVSS score for CVE-2024-27198?▼

CVE-2024-27198 has a CVSS score of 10/10 (critical severity). This reflects the most severe potential impact, requiring immediate remediation.

Which versions of JetBrains TeamCity are affected?▼

Affected: TeamCity < 2023.11.4. The vulnerability was fixed in: TeamCity 2023.11.4+.

How long does it take to fix CVE-2024-27198?▼

For most teams: 15–60 minutes to apply the patch, plus 15 minutes of post-patch verification. Complex multi-service environments may require 2–4 hours including staging validation.

Is CVE-2024-27198 being actively exploited?▼

Check the NVD entry and CISA KEV catalog for exploitation status. As a critical-severity vulnerability, treat it as a priority remediation regardless of known exploitation status.

Run Security Check →Browse Runbooks →← All CVE Solutions

This CVE fix guide is based on publicly available security advisories (NVD, vendor bulletins). Always test changes in a staging environment before applying to production. Verify against the official vendor advisory for the most up-to-date guidance.