Over the past few days a security breach has transpired, hackers are taking advantage of a significant flaw in TeamCity On-Premises software, allowing them to create unauthorised admin accounts. This flaw, known as CVE-2024-27198, has prompted urgent action from software developer JetBrains, who released an update on March 4 to address the issue.

The gravity of this situation is evident as hackers exploit the vulnerability on an extensive scale, creating hundreds of unauthorised users on instances of TeamCity that have not yet received the essential update. According to LeakIX, a platform specialising in identifying exposed device vulnerabilities, over 1,700 TeamCity servers remain unprotected. Most notably, vulnerable hosts are predominantly found in Germany, the United States, and Russia, with an alarming 1,440 instances already compromised.

On March 5, GreyNoise, a company analysing internet scanning traffic, detected a notable surge in attempts to exploit CVE-2024-27198. The majority of these attempts originated from systems in the United States, particularly those utilising the DigitalOcean hosting infrastructure.

These compromised TeamCity servers are not mere inconveniences; they serve as vital production machines used for building and deploying software. This presents a significant risk of supply-chain attacks, as the compromised servers may contain sensitive information, including crucial credentials for environments where code is deployed, published, or stored.

Rapid7, a prominent cybersecurity company, brought attention to the severity of the situation. The vulnerability, with a critical severity score of 9.8 out of 10, affects all releases up to TeamCity version 2023.11.4. Its nature allows remote, unauthenticated attackers to gain control of a vulnerable server with administrative privileges.

JetBrains responded swiftly to the report by releasing TeamCity version 2023.11.4 on March 4, featuring a fix for CVE-2024-27198. They are urging all TeamCity users to update their instances to the latest version immediately to mitigate the risks associated with this critical vulnerability.

Considering the observed widespread exploitation, administrators of on-premise TeamCity instances are strongly advised to take immediate action in installing the newest release. Failing to do so could leave systems vulnerable to unauthorised access and potential supply-chain attacks, amplifying the urgency of this situation.

The recent discovery of a critical flaw in TeamCity software has far-reaching implications for the global security landscape. Users are urged to act promptly by updating their TeamCity instances to ensure protection against unauthorised access and the looming threat of potential supply-chain attacks. The urgency of this matter cannot be overstated, accentuating the imperative need for immediate action.