Security experts have warned that threat actors are now exploiting a critical TeamCity vulnerability en masse, creating hundreds of new user accounts on compromised servers.
TeamCity is a popular CI/CD developer tool from Czech outfit JetBrains. Rapid7 published exploit details of two new vulnerabilities in the product earlier this week.
These include CVE-2024-27198, an authentication bypass vulnerability in the web component of TeamCity, which has a CVSS base score of 9.8. It could enable “complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker, including unauthenticated remote code execution (RCE),” according to Rapid7.
Cybersecurity firm LeakIX revealed in a post on X (formerly Twitter) yesterday that it found 1711 vulnerable TeamCity instances in its last scan. Of these, 1442 (84%) showed “clear signs of rogue user creation,” it added.
In a separate post, the firm revealed that it had observed “hundreds” of these user accounts being created by attackers “for later use across the internet.”