Atlassian Jira

Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Threat Alert

October 4, 2021

Overview

Recently, NSFOCUS CERT found that Atlassian had released a security bulletin announcing the fix for the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression. This vulnerability […]

Atlassian Jira Unauthorized Template Injection Vulnerability (CVE-2019-11581) Threat Alert

July 29, 2019

1 Vulnerability Description

Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met:

  1. An SMTP server has been configured in Jira and the Contact Administrators Form is enabled.
  2. An SMTP server has been configured in Jira and an attacker has “Jira Administrators” access.
