Security News

Jenkins struck by 'Confluenza' as US Cyber Command warns Atlassian flaw 'cannot wait'
2021-09-06 13:51

The Jenkins team issued a reminder over the weekend that one should keep one's systems patched as it found itself with a compromised Confluence service. Although the affected instance of Confluence integrated with the company's identity system, the group said: "At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected."

US govt warns orgs to patch massively exploited Confluence bug
2021-09-03 15:23

US Cyber Command has issued a rare alert today urging US organizations to patch a massively exploited Atlassian Confluence critical vulnerability immediately. The USCYBERCOM unit also stressed the importance of patching vulnerable Confluence servers as soon as possible: "Please patch immediately if you haven't already - this cannot wait until after the weekend."

Atlassian Confluence flaw actively exploited to install cryptominers
2021-09-02 20:54

Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released. Atlassian Confluence is a very popular web-based corporate team workspace that allows employees to collaborate on projects.

Atlassian warns of critical Confluence flaw
2021-08-26 06:00

Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw. Atlassian has released fixed versions of the product - namely versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0 - but the company's advisory suggests upgrading to the latest long-term service release.

Critical Jira Flaw in Atlassian Could Lead to RCE
2021-07-22 20:52

Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products, which can lead to arbitrary code execution. Atlassian is a platform that's used by 180,000 customers to engineer software and manage projects, and Jira is its proprietary bug-tracking and agile project-management tool.

Atlassian Patches Critical Vulnerability in Jira Data Center Products
2021-07-22 15:03

Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products. According to Atlassian, security researcher Harrison Neal discovered that Jira Data Center - including Software Data Center and Core Data Center - and Jira Service Management Data Center software development products are affected by a critical flaw related to missing authentication for the Ehcache RMI network service.

Atlassian asks customers to patch critical Jira vulnerability
2021-07-22 07:47

Atlassian is prompting its enterprise customers to patch a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers arbitrary code execution abilities, due to a missing authentication flaw in Jira's implementation of Ehcache, an open-source component.

Researchers Detail Exploit Chain for Hijacking Atlassian Accounts
2021-06-25 08:45

Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company's Bitbucket-hosted source code. The software development and collaboration tools made by Australia-based Atlassian are used by more than 150,000 organizations worldwide, which can make the company's products a tempting target for malicious actors.

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account
2021-06-24 20:05

Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on premise products," Check Point Research said in an analysis shared with The Hacker News.

Atlassian Bugs Could Have Led to 1-Click Takeover
2021-06-24 10:00

On Thursday, Check Point Research published a report outlining how an attacker could have exploited the bugs to access Atlassian's Jira, a proprietary bug-tracking and agile project management tool. CPR researchers said that with just one click, an attacker could have siphoned sensitive information out of Jira, such as "Security issues on Atlassian cloud, Bitbucket and on-premise products."