Atlassian Jira

Atlassian Multiple High Risk Vulnerabilities Notification

July 24, 2023

Overview Recently, NSFOCUS CERT monitored that the official security announcement of Atlassian has fixed multiple high-risk vulnerabilities in the Atlassian products. Affected users should take protective measures as soon as possible. Atlas Conflict Data Center and Server Remote Code Execution Vulnerability (CVS-2023-22508/CVC-2023-22505): There is a remote code execution vulnerability in the Atlas Conflict Data Center […]

Jira Service Management Server and Data Center Authentication Bypass Vulnerability (CVE-2023-22501) Notice

February 7, 2023

Overview Recently, NSFOCUS CERT found that Atlassian officially fixed a Jira Service Management Server and Data Center authentication bypass vulnerability (CVE-2023-22501). When write access to user directories and outgoing emails is enabled on a Jira Service Management instance, an unauthenticated remote attacker can gain access to Jira Service Management by impersonating users who have never […]

Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Threat Alert

October 4, 2021

Overview Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression. This vulnerability […]

Atlassian Jira Unauthorized Template Injection Vulnerability (CVE-2019-11581) Threat Alert

July 29, 2019

1 Vulnerability Description

Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met:

  1. An SMTP server has been configured in Jira and the Contact Administrators Form is enabled.
  2. An SMTP server has been configured in Jira and an attacker has “Jira Administrators” access.

(more…)

Search

Subscribe to the NSFOCUS Blog