#ConfluenceSecurity

Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira

by

August 22, 2024 at 08:45AM Atlassian’s August 2024 security bulletin outlines nine high-severity vulnerabilities affecting Bamboo, Confluence, Crowd, and Jira products. Patches have been released for issues such as remote code execution, denial-of-service, cross-site scripting, and server-side request forgery. The company advises users to promptly update their installations to address these vulnerabilities. Based on the … Read more

Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira

by

June 20, 2024 at 06:58AM Atlassian released software updates addressing high-severity vulnerabilities in Confluence, Crucible, and Jira. The Confluence update resolves six security defects, including broken access control and server-side request forgery flaws. Crucible versions 4.8.15 and higher address a deserialization vulnerability, while Jira updates fix an information disclosure issue. No known exploitation of these … Read more

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

by

December 28, 2023 at 11:21AM Apache OFBiz, utilized for business operations, contains a critical pre-authentication remote code execution vulnerability, CVE-2023-49070, actively being exploited. A patch to resolve the issue was found incomplete, resulting in the discovered bypass flaw, CVE-2023-51467. The urgency for users to upgrade to version 18.12.11 is emphasized due to the risk of … Read more

Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps

by

December 6, 2023 at 06:00PM Atlassian has patched four critical vulnerabilities (CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, CVE-2023-22524) with CVSS scores up to 9.8, affecting various platforms with risks of remote code execution (RCE). These follow a series of bugs in their widely-used collaboration tools, with prior exploits prompting urgent updates. Meeting Takeaways: 1. Atlassian has encountered four … Read more

Atlassian warns of exploit for Confluence data wiping bug, get patching

by

November 2, 2023 at 05:53PM Atlassian has issued a warning to admins about a critical security flaw in Confluence that could result in data destruction attacks. A public exploit for the vulnerability, tracked as CVE-2023-22518, has been found, putting Internet-exposed and unpatched instances at high risk. Atlassian has urged immediate action, including upgrading software and … Read more