CNVD-2025-17149
PUBLISHED
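CVSS 7.3 HIGH
JetBrains TeamCity is a distributed build management and continuous integration tool from the Czech company JetBrains. It provides continuous unit testing, code quality analysis, and build problem analysis reports. JetBrains TeamCity contains a path traversal vulnerability that stems from the program failing to properly filter special elements in resource or file paths. An attacker can exploit this vulnerability to retrieve arbitrary files from the underlying file system via specially crafted web requests.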
Risk Scores
CVSS 3.1
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| JetBrains | TeamCity | 0 |
Exploit Intelligence
- https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py (circl)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199 (circl)
- https://www.jetbrains.com/privacy-security/issues-fixed/ (circl)
- https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive (circl)
- CIRCL seen: CVE-2024-27199 (circl-sighting)
- CIRCL exploited: CVE-2024-27199 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-27199 (circl-sighting)
- CIRCL exploited: CVE-2024-27199 (circl-sighting)
- CIRCL exploited: CVE-2024-27199 (circl-sighting)
- CIRCL exploited: CVE-2024-27199 (circl-sighting)
…and 100 more exploits
Timeline
- Mar 4, 2024 CVE Published
- Mar 4, 2024 PoC Published
- Mar 5, 2024 PoC Published
- Mar 5, 2024 PoC Published
- Mar 5, 2024 PoC Published
- Mar 5, 2024 PoC Published
- Mar 5, 2024 PoC Published
- Mar 5, 2024 PoC Published
- Mar 5, 2024 PoC Published
- Mar 6, 2024 CVE ID Reserved
- Mar 6, 2024 PoC Published
- Mar 6, 2024 PoC Published
References
- https://www.jetbrains.com/privacy-security/issues-fixed/ url
- https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive url
- https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199 url