CVE-2024-23917
CRITICAL EXPLOITED NUCLEIJetBrains TeamCity > 2023.11.3 - Authentication Bypass
Title source: nucleiExploitation Summary
CVE-2024-23917 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Nuclei Templates (1)
JetBrains TeamCity > 2023.11.3 - Authentication Bypass
CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch
Shodan:
http.title:teamcity || http.component:"teamcity"
FOFA:
title=teamcity
References (1)
Core 1
Core References
Vendor Advisory
https://www.jetbrains.com/privacy-security/issues-fixed/
Scores
CVSS v3
9.8
EPSS
0.5401
EPSS Percentile
98.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2025-10-17
CWE
CWE-306
CWE-288
Status
published
Products (1)
jetbrains/teamcity
< 2023.11.3
Published
Feb 06, 2024
Tracked Since
Feb 18, 2026