The Download
In February, we warned about a vulnerability from JetBrains in the TeamCity software used by many software companies to manage CI/CD production software. As predicted that vulnerability (CVE-2024-27198) is being actively exploited to create new hundreds of users via the admin console. The vulnerability rates a 9.8/10 in severity and can be used to compromise all TeamCity projects. What makes this concerning is your software supply chain may be compromised by suppliers who use the TeamCity software. It is estimated over 1,400 instances of the TeamCity software are already compromised.
What You Can Do
If you are using TeamCity software you should patch immediately and look for signs of compromise including new accounts that are typically created with 8 alphanumeric characters. As a buyer of software you should find out if your software suppliers are using TeamCity software (and have not been patched). Currently there are over 1,700 vulnerable instances of TeamCity software exposed to the Internet. Are your software suppliers included in these? You can scan them to find out.