Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira

October 21, 2024 at 07:04AM Atlassian has issued patches addressing high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management, enhancing security for these platforms. **Meeting Takeaways:** 1. **Atlassian Vulnerability Patches**: Atlassian has released patches addressing high-severity vulnerabilities in three key products: – Bitbucket – Confluence – Jira Service Management 2. **Source of Information**: The announcement … Read more

Bitbucket artifact files can leak plaintext authentication secrets

May 21, 2024 at 04:01PM The issue involves threat actors breaching AWS accounts by exploiting plaintext AWS authentication secrets leaked in Atlassian Bitbucket artifacts. Mandiant discovered this during an investigation and highlighted how seemingly secured data can be exposed in public repositories, jeopardizing security. Developers are cautioned to review artifacts and deploy code scanning to … Read more

Atlassian Bitbucket artifacts can leak plaintext auth secrets

May 21, 2024 at 03:06PM Threat actors breached AWS accounts using leaked plaintext authentication secrets in Atlassian Bitbucket artifacts. Mandiant discovered this issue in the context of an investigation, highlighting the potential leakage of secured data in public repositories. Bitbucket’s secured variables encrypt sensitive information, but Mandiant found that artifact objects can contain plaintext secured … Read more

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

March 20, 2024 at 10:51AM Atlassian patched 24 vulnerabilities in products including Bamboo, Bitbucket, Confluence, and Jira. The critical-severity bug (CVE-2024-1597) impacts org.postgresql:postgresql, could allow unauthenticated attackers to exploit assets, and affects Bamboo Data Center and Server versions 8.2.1 to 9.5.0. Atlassian also released security updates for Confluence and Jira. Users are advised to update … Read more