Overview Recently, NSFOCUS CERT monitored that the official security announcement of Atlassian has fixed multiple high-risk vulnerabilities in the Atlassian products. Affected users should take protective measures as soon as possible. Atlas Conflict Data Center and Server Remote Code Execution Vulnerability (CVS-2023-22508/CVC-2023-22505): There is a remote code execution vulnerability in...
Tag: Atlassian Jira
Jira Service Management Server and Data Center Authentication Bypass Vulnerability (CVE-2023-22501) Notice
Overview Recently, NSFOCUS CERT found that Atlassian officially fixed a Jira Service Management Server and Data Center authentication bypass vulnerability (CVE-2023-22501). When write access to user directories and outgoing emails is enabled on a Jira Service Management instance, an unauthenticated remote attacker can gain access to Jira Service Management by...
Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Threat Alert
Overview Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a...
Atlassian Jira Unauthorized Template Injection Vulnerability (CVE-2019-11581) Threat Alert
1 Vulnerability Description Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met: An SMTP server has been configured in Jira and the Contact Administrators Form...
