CVE-2024-27198, CVE-2024-27199: Two Authentication Bypass...

CVE-2024-27198, CVE-2024-27199: Two Authentication Bypass Vulnerabilities in JetBrains TeamCity

On March 4, JetBrains disclosed two zero-day vulnerabilities in its TeamCity products:

● CVE-2024-27198

● CVE-2024-27199

According to JetBrains, these issues were disclosed to them by researchers who discovered them in February. CVE-2024-27918 is an authentication bypass vulnerability and could allow an unauthenticated attacker to take administrative control of an affected TeamCity server. CVE-2024-27199 is also an authentication bypass vulnerability, and could allow unauthenticated attackers to traverse the file system to access files and directories outside of the restricted directory.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

CVE-2024-27198, CVE-2024-27199: Two Authentication Bypass...

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia