Security News

A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems. Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get "Access to a Jira Service Management instance under certain circumstances."

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 and has been described as a case of broken authentication with low attack complexity.

Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, affects versions 7.0 to 7.21 and 8.0 to 8.4.

Atlassian has released updates to address critical-severity updates in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company's solution for Git repository management. Rated critical, the issue in Crowd Server and Data Center is tracked as CVE-2022-43782 and is a misconfiguration that allows an attacker to bypass password checks when authenticating as the Crowd app and to call privileged API endpoints.

The Cybersecurity and Infrastructure Security Agency late on Friday placed the flaw - tracked as CVE-2022-36804 - on its catalog of Known Exploited Vulnerabilities, effectively a must-patch list. CISA put the vulnerability in Bitbucket Server and Data Center tools on the KEV list on the same day as two high-profile Microsoft Exchange zero-day flaws.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request.

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. In one of the infection chains observed by the cybersecurity company, the flaw was leveraged to download and run a shell script on the victim's machine, which, in turn, fetched a second shell script.

US-based CISOs get nearly $1 million per yearThe role of the Chief Information Security Officer is a relatively new senior-level executive position within most organizations, and is still evolving. Patch critical flaw in Atlassian Bitbucket Server and Data Center!A critical vulnerability in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. As Atlassian explains in its security advisory, published mid-last week: "An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request."

A critical vulnerability in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances. Bitbucket Server and Data Center are used by software developers around the world for source code revision control, management and hosting.