In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
Recent assessments:
sfewer-r7 at March 04, 2024 8:16pm UTC reported:
CVE-2024-27199, allows for a limited amount of information disclosure and a limited amount of system modification, including the ability for an unauthenticated attacker to replace the HTTPS certificate in a vulnerable TeamCity server with a certificate of the attackerβs choosing.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 5