COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-27199

CVE-2024-27199

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-27199
⌖ exploited in the wild shame 45/100 ransomwareexploited-in-wildsupply-chainunpatched

JetBrains TeamCity exploited via CVE-2024-27199 enables limited admin actions, posing a supply-chain risk for DIB organizations using the service.

This relative path traversal vulnerability allows limited administrative actions to be performed, potentially compromising build integrity and access controls. DIB organizations must immediately audit TeamCity configurations and apply patches to prevent unauthorized admin actions that could lead to data exfiltration or ransomware entry.

Shame score — A critical, actively exploited vulnerability in a widely used build tool that allows limited admin actions, though not full remote code execution.

Players implicated

jetbrains · vendorTeamCity · product

Description

JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.