CVE-2024-27199: JetBrains TeamCity Relative Path Traversal Vulnerability
Summary
JetBrains TeamCity has a relative path traversal vulnerability (CVE-2024-27199) that could permit limited administrative actions. Federal agencies are mandated to apply mitigations or discontinue use by May 4, 2026.
IFF Assessment
This vulnerability allows unauthorized users to perform administrative actions, posing a direct threat to system security and integrity.
Severity
The CVSS score of 8.7 reflects High severity. The vulnerability allows local privilege escalation (requires some authenticated access), which can significantly impact the confidentiality, integrity, and availability of the system.
CISA KEV: Listed as actively exploited. Federal patch due: May 04, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability in JetBrains TeamCity requires immediate attention due to its potential to grant attackers administrative privileges. Defenders should prioritize applying vendor-provided patches or workarounds and ensure their systems are secured against this known flaw.