Atlassian Archives

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 1, 2022 / Atlassian, CVE-2022-36804, CVE-2022-41040, CVE-2022-41082, Exchange, Microsoft

The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Exchange and Atlassian flaws.

CISA adds Questions for Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to Known Exploited Vulnerabilities Catalog

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 30, 2022 / Atlassian, CISA, Confluence, CVE-2022-26138, Cybersecurity Threat Center

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Critical Questions for Confluence App Hard-coded Credentials Vulnerability (CVE-2022-26138) to its Known Exploited Vulnerabilities Catalog.

Atlassian fixes Critical Confluence RCE vulnerability (CVE-2022-26134) exploited in the wild

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / June 4, 2022 / Atlassian, Confluence, CVE-2022-26134, Zero-day

Atlassian has fixed a Critical severity unauthenticated zero-day RCE vulnerability (CVE-2022-26134) in Confluence Server and Data Center.

Atlassian Confluence Server and Data Center vulnerability (CVE-2021-26084) exploits in the wild

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 3, 2021 / Atlassian, Confluence, CVE-2021-26084

Atlassian released security updates to patch a remote code execution vulnerability (CVE-2021-26084) in Confluence Server and Data Center. More recently, exploits in the wild have been detected since Atlassian patched the vulnerability last week.

Top 30 most commonly exploited vulnerabilities over 2020 and 2021

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / July 29, 2021 / Atlassian, BIG-IP, Citrix, CVE 2018-13379, CVE 2019-11510, CVE 2019-18935, CVE 2020-15505, CVE 2020-5902, CVE-2017-11882, CVE-2018-13379, CVE-2018-7600, CVE-2019-0604, CVE-2019-11580, CVE-2019-19781, CVE-2019-5591, CVE-2020-0787, CVE-2020-12812, CVE-2020-1472, CVE-2021-21985, CVE-2021-22894, CVE-2021-22899, CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104, Drupal, F5, Fortinet, MobileIron, Netlogon, Office, Pulse, Zerologon

Cybersecurity experts from Australia, U.K., and U.S. governments have released a list of the most commonly exploited vulnerabilities over 2020 and 2021.

Attackers could have taken over an Atlassian account via one-click exploit

Application Security, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / June 24, 2021 / Atlassian, Check Point, Confluence, CPR, CSRF, JavaScript, Jira, SSO, XSS

Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.

Jira Service Desk critical security update

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 23, 2019 / Atlassian, CVE-2019-14994, Jira

Atlassian has issued a security update for Jira Service Desk Server and Jira Service Desk Data Center. The update includes a fix for a critical URL path traversal vulnerability CVE-2019-14994 that could allow information disclosure.

Atlassian patches critical Jira Server vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 12, 2019 / Atlassian, Jira

Atlassian issued a security update for a critical Jira Server vulnerability. According to Atlassian, a server-side template injection vulnerability CVE-2019-11581 affects Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. The company confirmed an attacker can exploit this vulnerability if any of the following conditions are met: An SMTP server has been …

Atlassian patches critical Jira Server vulnerability Read More »