
TeamCity supply chain vulnerabilities exploited on a large scale


Data shared by LeakIX showed that the United States, Germany, and Russia were among the countries most affected by the creation of admin accounts on compromised instances. According to the report, the US had 330 unpatched systems with 269 admin accounts created, while Germany had 302 unpatched systems with 267 admin accounts, and Russia had 221 unpatched systems with 191 admin accounts.

LeakIX also highlighted a pattern in the creation of these admin accounts, which typically involved 8 alphanumeric characters. The pattern sheds light on the methods attackers used to exploit vulnerable systems and gain unauthorized access.
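The pattern LeakIX describes can be turned into an account review, shown here as an added example that is not from LeakIX, Rapid7 or JetBrains. It assumes the 8-character pattern applies to the username; the export format, field names and allowlist are hypothetical and the sample data is constructed.

```python
import json
import re

# Assumption: the 8-alphanumeric-character pattern applies to the account username.
EIGHT_ALNUM = re.compile(r"[A-Za-z0-9]{8}")

# Constructed sample export; field names are hypothetical, not TeamCity's own schema.
SAMPLE_EXPORT = json.dumps([
    {"username": "build-admin", "is_admin": True},
    {"username": "a9Xk3LmQ", "is_admin": True},
    {"username": "jenkins1", "is_admin": False},   # 8 chars, but not an admin
    {"username": "devopsqa", "is_admin": True},    # 8 chars, but an approved admin
    {"username": "temp-root", "is_admin": True},
    {"username": "Zt4pQ81b", "is_admin": True},
])

# Constructed allowlist of admin accounts the team knowingly created.
APPROVED_ADMINS = {"build-admin", "devopsqa"}


def triage_admins(export_json, approved):
    """Split unapproved admin accounts into pattern matches and other unknowns."""
    approved_lc = {name.lower() for name in approved}
    pattern_hits, other_unapproved = [], []
    for user in json.loads(export_json):
        name = user.get("username", "")
        # Only unapproved admin accounts are of interest for this review.
        if not user.get("is_admin") or name.lower() in approved_lc:
            continue
        if EIGHT_ALNUM.fullmatch(name):
            pattern_hits.append(name)       # matches the reported pattern: review first
        else:
            other_unapproved.append(name)   # unknown admin, still needs an owner
    return pattern_hits, other_unapproved


if __name__ == "__main__":
    hits, others = triage_admins(SAMPLE_EXPORT, APPROVED_ADMINS)
    print("Admin accounts matching the 8-character pattern:", hits)
    print("Other unapproved admin accounts:", others)
```

A pattern match is a prompt to investigate, not proof of compromise, which is why the allowlist is checked before the regular expression.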

The disclosure of these vulnerabilities sparked a dispute between security firms Rapid7 and JetBrains. Rapid7 believed that the vulnerabilities discovered in TeamCity were critical and immediately released full technical details to urge users to patch their systems promptly. Caitlin Condon, director of vulnerability intelligence at Rapid7, pointed out that TeamCity had been targeted by attackers, including state-sponsored groups, over the past six months.

Condon explained that the two vulnerabilities identified by Rapid7 in TeamCity were authentication bypasses, with one being critical (CVE-2024-27198) and allowing for unauthenticated remote code execution. This critical vulnerability could potentially give attackers control over various aspects of TeamCity builds and artifacts. The second vulnerability (CVE-2024-27199) was deemed high-severity and could enable attackers to replace the HTTPS certificate on a vulnerable TeamCity server with a certificate of their choice.

However, JetBrains expressed dissatisfaction with Rapid7’s disclosure approach, stating that the company felt rushed into revealing the issues. JetBrains claimed that Rapid7 was set to publish full technical details shortly, which violated JetBrains’ own vulnerability disclosure policy.

The dispute between Rapid7 and JetBrains highlighted the challenges in managing vulnerability disclosures and the importance of coordinated efforts to address security threats effectively. It also underscored the need for companies to prioritize patching and securing their systems to mitigate the risk of cyberattacks.

As cybersecurity threats continue to evolve, collaboration and transparency among security researchers, vendors, and organizations will be crucial in safeguarding digital assets and maintaining a secure online environment. The incident involving TeamCity vulnerabilities serves as a reminder of the importance of proactive cybersecurity measures and prompt remediation of identified security issues.
