{"uuid": "80b1a3cd-1de7-43f4-9f84-add524f78804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-27199", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/202", "content": "CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)\n\n\ud83d\udc64 by Rapid7\n\nIn February 2024, Rapid7\u2019s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server:\n\n\u2022 CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a CVSS base score of 9.8 (Critical).\n\n\u2022 CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22) and has a CVSS base score of 7.3 (High).\n\n\ud83d\udcdd Contents:\n\u25cf Overview\n\u25cf Impact\n\u25cf Remediation\n\u25cf Analysis\n    \u2022 CVE-2024-27198\n    \u2022 CVE-2024-27199\n\u25cf Rapid7 customers\n\u25cf Timeline\n\nhttps://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/", "creation_timestamp": "2024-03-05T11:02:15.000000Z"}