Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure'

This report describes two critical authentication-bypass vulnerabilities in JetBrains TeamCity (CVE-2024-27198 and CVE-2024-27199), Rapid7's dispute with JetBrains over silent patching and coordinated disclosure, and evidence from third parties that exploitation began rapidly after the fixes were released; on-prem TeamCity instances up to 2023.11.3 are affected while cloud instances were already patched.