October 4, 2021
Overview
Recently, NSFOCUS CERT found that Atlassian released a security bulletin announcing the fix for the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression. This vulnerability […]
July 29, 2019
1 Vulnerability Description
Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met:
- An SMTP server has been configured in Jira and the Contact Administrators Form is enabled.
- An SMTP server has been configured in Jira and an attacker has “Jira Administrators” access.