diff --git a/documentation/modules/exploit/multi/http/jetbrains_teamcity_rce_cve_2024_27198.md b/documentation/modules/exploit/multi/http/jetbrains_teamcity_rce_cve_2024_27198.md
index f5591776ca..f97dd1296b 100644
--- a/documentation/modules/exploit/multi/http/jetbrains_teamcity_rce_cve_2024_27198.md
+++ b/documentation/modules/exploit/multi/http/jetbrains_teamcity_rce_cve_2024_27198.md
@@ -3,7 +3,10 @@ This module exploits an authentication bypass vulnerability in JetBrains TeamCit
 attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated RCE on the target TeamCity server. On older versions of TeamCity, access tokens do not exist
-so the exploit will instead create a new administrator account before uploading a plugin.
+so the exploit will instead create a new administrator account before uploading a plugin. Older version of
+Team city have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed,
+however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code
+execution instead, as this is supported on all versions tested.
 For a technical analysis of the vulnerability, read our [Rapid7 Analysis](https://attackerkb.com/topics/K3wddwP3IJ/cve-2024-27198/rapid7-analysis).
diff --git a/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb b/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb
index 677fd33555..9804979908 100644
--- a/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb
+++ b/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb
@@ -20,7 +20,10 @@ class MetasploitModule < Msf::Exploit::Remote
 attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated RCE on the target TeamCity server. On older versions of TeamCity, access tokens do not exist
- so the exploit will instead create a new administrator account before uploading a plugin.
+ so the exploit will instead create a new administrator account before uploading a plugin. Older version of
+ Team city have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed,
+ however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code
+ execution instead, as this is supported on all versions tested.
 }, 'License' => MSF_LICENSE, 'Author' => [
@@ -299,7 +302,7 @@ class MetasploitModule < Msf::Exploit::Remote
 # NOTE: We place bootstrap_ognl in a separate bean, as it this generates an exception the plugin will fail # to load correctly, which prevents the exploit from deleting the plugin later. We choose java.beans.Encoder # as the setExceptionListener method will accept the null value the bootstrap_ognl will generate. If we
- # choose a property that does no exist, we generate a several of exceptions in the teamcity-server.log.
+ # choose a property that does not exist, we generate several exceptions in the teamcity-server.log.
 zip_resources.add_file( "META-INF/build-server-plugin-#{plugin_name}.xml",
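Review bot: The added sentences in the first hunk are inconsistent with the line immediately above them, which writes "older versions of TeamCity": the new text has `Older version of Team city` and `recent version of TeamCity`, mixing singular and plural and misspelling the product name. Suggested wording for the two added lines is `plugin. Older versions of` / `TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed,` and `however recent versions of TeamCity no longer ship this endpoint, which is why a plugin is leveraged for code`. The same sentences are added verbatim to the documentation file in the hunk above, so both should be corrected together. The hash literal this string belongs to begins outside the hunk.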