Atlassian

Pierluigi Paganini March 20, 2024
Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical flaw that can be very dangerous. Atlassian addressed multiple vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products. The most severe vulnerability, tracked as CVE-2024-1597 (CVSS score of 10), is a SQL injection flaw that impacts the org.postgresql:postgresql third-party dependency of Bamboo […]

Pierluigi Paganini January 16, 2024
Atlassian fixed critical RCE in older Confluence versions

Atlassian warns of a critical remote code execution issue in Confluence Data Center and Confluence Server that impacts older versions. Atlassian warns of a critical remote code execution vulnerability, tracked as CVE-2023-22527 (CVSS score 10.0), in Confluence Data Center and Confluence Server that impacts older versions. The vulnerability is a template injection vulnerability that can […]

Pierluigi Paganini December 06, 2023
Atlassian addressed four new RCE flaws in its products

Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: It’s unclear if the above issues are actively exploited in attacks in the wild. At the end of […]

Pierluigi Paganini November 06, 2023
Critical Confluence flaw exploited in ransomware attacks

Experts warn threat actors that started exploiting a recent critical flaw CVE-2023-22518 in Confluence Data Center and Confluence Server. Over the weekend threat actors started exploiting a recently disclosed vulnerability (CVE-2023-22518) in all versions of Atlassian Confluence Data Center and Confluence Server. Atlassian last week warned of the CVE-2023-22518 (CVSS score 9.1), the issue is an […]

Pierluigi Paganini October 31, 2023
Critical Atlassian Confluence flaw can lead to significant data loss

Atlassian warned of a critical security vulnerability, tracked as CVE-2023-22518, in the Confluence Data Center and Server. Atlassian is warning of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if […]

Pierluigi Paganini October 04, 2023
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild. Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability […]

Pierluigi Paganini July 25, 2023
Atlassian addressed 3 flaws in Confluence and Bamboo products

Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful exploitation of the vulnerabilities could result in remote code execution on vulnerable systems. According to […]

Pierluigi Paganini February 19, 2023
Hackers disclose Atlassian data after the theft of an employee’s credentials

Atlassian discloses a data leak that was caused by the theft of employee credentials which was used to steal data from a third-party vendor. A group of hackers called SiegedSec recently published on its Telegram channel a JSON file containing data belonging to thousands of Atlassian employees and floor plans for two of the company’s […]

Pierluigi Paganini February 03, 2023
Atlassian fixed critical authentication vulnerability in Jira Software

Atlassian fixed a critical flaw in Jira Service Management Server and Data Center that can allow an attacker to impersonate another user and gain access to a Jira Service Management instance. Atlassian has released security updates to address a critical vulnerability in Jira Service Management Server and Data Center, tracked as CVE-2023-22501 (CVSS score: 9.4), […]

Pierluigi Paganini November 18, 2022
Atlassian fixed 2 critical flaws in Crowd and Bitbucket products

Atlassian addressed this week two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates to address critical-severity vulnerabilities in its identity management platform, Crowd Server and Data Center, and in the Bitbucket Server and Data Center, a self-managed solution that provides source code collaboration for professional teams. The vulnerability in […]