The US (269), Germany (267), and Russia (191) were the most infected countries (measured by admin accounts created) in a list shared by LeakIX. They had 330, 302, and 221 unpatched systems respectively at the last count.
“There are between 3 and 300 users created on compromised instances, usually the pattern is 8 alphanum characters,” LeakIX reportedly said.
The disclosure spat
Rapid7 believed the vulnerabilities were critical and released full technical details shortly after the patches were released, recommending immediate patching.
“TeamCity has been a popular target for attackers, including state-sponsored groups, over the past six months or so,” said Caitlin Condon, director of vulnerability intelligence at Rapid7.
“Both vulnerabilities Rapid7 discovered in TeamCity are authentication bypasses; the first (CVE-2024-27198) is critical and allows for unauthenticated remote code execution, which in turn gives potential attackers control over TeamCity builds, agents, artifacts, and so forth,” Condon added. “The second vulnerability (CVE-2024-27199) is high-severity instead of critical, and allows for limited information disclosure and/or system modification, including the ability for an unauthenticated attacker to replace the HTTPS certificate in a vulnerable TeamCity server with a certificate of the attacker’s choosing.”
However, in the security release for these vulnerabilities, JetBrains had indicated that the company was rushed into disclosing the issues by Rapid7, as the latter chose to strictly abide by its own vulnerability disclosure policy and was about to publish full technical details shortly.