Security News

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
2022-08-26 19:39

Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804, the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests.

Atlassian Bitbucket Server vulnerable to critical RCE vulnerability
2022-08-26 16:40

Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that attackers could leverage to execute arbitrary code on vulnerable instances. "An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request," explains Atlassian's advisory.

Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage
2022-08-05 14:21

A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. "The evidence indicates that the threat actor executed malicious commands with a parent process of tomcat9.exe in Atlassian's Confluence directory," the company said.

CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks
2022-08-02 06:42

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center instances.

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation
2022-07-29 03:22

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain unrestricted access to all pages in Confluence.

Atlassian: Confluence hardcoded password was leaked, patch now!
2022-07-22 15:05

Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app creates a disabledsystemuser account with a hardcoded password to help admins migrate data from the app to the Confluence Cloud.

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
2022-07-22 02:37

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. While this account, Atlassian says, is to help administrators migrate data from the app to Confluence Cloud, it's also created with a hard-coded password, effectively allowing viewing and editing all non-restricted pages within Confluence by default.

Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!
2022-07-21 09:21

Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible. There is no mention of these vulnerabilities being exploited in the wild, but flaws in Atlassian Confluence are often leveraged by attackers.

Atlassian reveals critical flaws in almost everything it makes and touches
2022-07-21 01:54

Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security. The same CVE can also be exploited in a cross-site scripting attack: a specially crafted HTTP request can bypass the Servlet Filter used to validate legitimate Atlassian Gadgets.

Atlassian fixes critical Confluence hardcoded credentials flaw
2022-07-20 18:59

Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. According to Atlassian, the app helps improve communication with the organization's internal Q&A team and is currently installed on over 8,000 Confluence servers.