X1377 Patched [better] -
1. Civil Engineering: British Standard BS 1377 (Soil Testing)
x1377
- Unexplained User Creation: Look for new user accounts created in the TeamCity database or logs, particularly those added via REST API endpoints without a corresponding UI session.
- Suspicious Access Logs: GET or POST requests to
/ajax.htmlor/app/rest/usersoriginating from external IP addresses that do not follow a standard login pattern. - Unexpected Tokens: Look for the generation of new API tokens for administrative users.
This vulnerability poses a significant supply chain risk. TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) server used to build and deploy software. An attacker gaining access to a TeamCity server can steal source code, inject malicious code into build pipelines, compromise production environments, and exfiltrate secrets (API keys, database passwords) stored within the build configurations. x1377 patched