PoC Week 2024-03-10

Posted on Mar 10, 2024

The most featured CVEs in this week’s security newsletters that have public proofs of concept, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-27198

  • Severity: Critical (CNA score: 9.8)
  • Impacted Products: JetBrains TeamCity before 2023.11.4
  • Description: Authentication bypass allowing admin actions.
  • Remediation: Update to TeamCity version 2023.11.4 or newer.
  • More Info: NVD CVE-2024-27198
  • PoC: Rapid7 Blog

CVE-2024-27199

  • Severity: High (CNA score: 7.3)
  • Impacted Products: JetBrains TeamCity before 2023.11.4
  • Description: A path traversal vulnerability that allows for limited admin actions.
  • Remediation: Upgrade to TeamCity version 2023.11.4 or later.
  • More Info: NVD CVE-2024-27199
  • PoC: Rapid7 Blog

CVE-2024-1403

  • Severity: Critical (CNA score: 10.0)
  • Impacted Products: OpenEdge Authentication Gateway and AdminServer prior to versions 11.7.19, 12.2.14, 12.8.1
  • Description: An authentication bypass vulnerability due to improper handling of username and password, allowing unauthorized access.
  • Remediation: Update to the specified versions or later.
  • More Info: NVD CVE-2024-1403
  • PoC: https://github.com/horizon3ai/CVE-2024-1403/tree/main

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recs), feel free to get in touch.