Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2024-27198 | JetBrains TeamCity Authentication Bypass Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | This authentication bypass vulnerability is exploited by an unauthenticated, remote adversary via an alternative path issue in the web component allowing attackers to perform admin actions and achieve remote code execution. To exploit this vulnerability, attackers need to generate an unauthenticated 404 HTTP response, pass the HTTP query string “?jsp=/app/rest/server”, and append “;.jsp” to the HTTP path parameter. |
CVE-2024-27198 | JetBrains TeamCity Authentication Bypass Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | This authentication bypass vulnerability is exploited by an unauthenticated, remote adversary via an alternative path issue in the web component allowing attackers to perform admin actions and achieve remote code execution. To exploit this vulnerability, attackers need to generate an unauthenticated 404 HTTP response, pass the HTTP query string “?jsp=/app/rest/server”, and append “;.jsp” to the HTTP path parameter. |