Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.
Atlassian has issued a security update for Jira Service Desk Server and Jira Service Desk Data Center. The update includes a fix for a critical URL path traversal vulnerability, CVE-2019-14994, that could allow information disclosure.
Atlassian issued a security update for a critical Jira Server vulnerability. According to Atlassian, a server-side template injection vulnerability, CVE-2019-11581, affects Jira Server and Data Center in the ContactAdministrators and SendBulkMail actions. The company confirmed an attacker can exploit this vulnerability if any of the following conditions are met: An SMTP server has been …