The US (269), Germany (267), and Russia (191) were the most infected (admin accounts created) countries in a list shared by LeakIX. They had 330, 302, and 221 unpatched systems respectively at the last count.
“There are between 3 and 300 users created on compromised instances, usually the pattern is 8 alphanum characters,” LeakIX reportedly said.
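The LeakIX indicator above (short alphanumeric usernames holding admin rights) can be turned into a simple triage check against an exported TeamCity user list. This is an added example, not code from LeakIX, Rapid7 or JetBrains; the JSON layout, the `SYSTEM_ADMIN` role id and global scope `g` are assumptions modelled on the TeamCity REST users response, and the sample data is constructed.

```python
import json
import re

# Indicator from the LeakIX report quoted above: attacker-created users are
# typically 8 alphanumeric characters, with several of them per instance.
SUSPICIOUS_NAME = re.compile(r"^[A-Za-z0-9]{8}$")

# Constructed sample shaped like a TeamCity REST /app/rest/users response.
# Field names and role ids are an assumption; adjust to what your server returns.
SAMPLE_USERS_JSON = """
{"user": [
  {"id": 1, "username": "alice.admin", "roles": {"role": [{"roleId": "SYSTEM_ADMIN", "scope": "g"}]}},
  {"id": 2, "username": "buildbot1", "roles": {"role": [{"roleId": "PROJECT_DEVELOPER", "scope": "p:Main"}]}},
  {"id": 3, "username": "x7Kq2mZp", "roles": {"role": [{"roleId": "SYSTEM_ADMIN", "scope": "g"}]}},
  {"id": 4, "username": "Qa9ZtL3v", "roles": {"role": [{"roleId": "SYSTEM_ADMIN", "scope": "g"}]}},
  {"id": 5, "username": "teamcity", "roles": {"role": [{"roleId": "SYSTEM_ADMIN", "scope": "g"}]}}
]}
"""


def is_global_admin(user: dict) -> bool:
    """True if the user holds SYSTEM_ADMIN at global scope ('g')."""
    for role in user.get("roles", {}).get("role", []):
        if role.get("roleId") == "SYSTEM_ADMIN" and role.get("scope") == "g":
            return True
    return False


def find_suspicious_admins(users_json: str, allowlist: set) -> list:
    """Return global-admin usernames that are not on the allowlist and match
    the 8-alphanumeric pattern, sorted for stable output. Legitimate accounts
    such as 'teamcity' also match the pattern, so the allowlist matters."""
    users = json.loads(users_json)["user"]
    flagged = []
    for user in users:
        name = user.get("username", "")
        if name in allowlist or not is_global_admin(user):
            continue
        if SUSPICIOUS_NAME.match(name):
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    known_admins = {"alice.admin", "teamcity"}
    print(find_suspicious_admins(SAMPLE_USERS_JSON, known_admins))
```

A hit is a starting point for review, not proof of compromise; confirm against the server's audit log and the account's creation time.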
The disclosure spat
Rapid7 believed the vulnerabilities were critical and released full technical details shortly after the patches were released, recommending immediate patching.
“TeamCity has been a popular target for attackers, including state-sponsored groups, over the past six months or so,” said Caitlin Condon, director of vulnerability intelligence at Rapid7.
“Both vulnerabilities Rapid7 discovered in TeamCity are authentication bypasses; the first (CVE-2024-27198) is critical and allows for unauthenticated remote code execution, which in turn gives potential attackers control over TeamCity builds, agents, artifacts, and so on,” Condon added. “The second vulnerability (CVE-2024-27199) is high-severity instead of critical, and allows for limited information disclosure and/or system modification, including the ability for an unauthenticated attacker to replace the HTTPS certificate in a vulnerable TeamCity server with a certificate of the attacker’s choosing.”
However, in the security release for these vulnerabilities, JetBrains had indicated that the company was rushed into disclosing the issues by Rapid7, as the latter chose to strictly abide by its own vulnerability disclosure policy and was about to publish full technical details shortly.