JetBrains TeamCity Authentication Bypass Vulnerability Under Active Exploitation

Publicly available exploits incite unwarranted chaos 

Executive Summary

On March 4, 2024, JetBrains published a blog post detailing the security patch for TeamCity, its Continuous Integration and Continuous Delivery (CI/CD) server, which plays a crucial role within organizations across the globe.

The vendor released bug fixes for two authentication bypass vulnerabilities (CVE-2024-27198 and CVE-2024-27199). Shortly afterwards, the Rapid7 team released preliminary exploit code for the vulnerability impacting JetBrains TeamCity.