Security News

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
2024-08-07 03:00

The possibility to integrate security in development processes has given rise to DevSecOps, where development and operations teams work together with security teams and all their processes are converged. The incidents affecting GitHub users in 2023 increased by over 21% compared to the previous year.

Jira down: Atlassian outage affecting multiple cloud services
2024-01-18 09:47

Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. BleepingComputer can confirm that Jira services are experiencing connection issues since this morning, at least as of 3:45 AM Eastern time.

Atlassian warns of critical Jira Service Management auth flaw
2023-02-03 14:31

A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get "Access to a Jira Service Management instance under certain circumstances."

Atlassian fixes critical bug giving access to Jira Service Management
2023-02-03 14:31

A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems. Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get "Access to a Jira Service Management instance under certain circumstances."

Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)
2023-02-03 09:57

Australian software maker Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center, and is urging users to upgrade quickly. "Installing a fixed version of Jira Service Management is the recommended way to remediate this vulnerability. If you are unable to immediately upgrade Jira Service Management, you can manually upgrade the version-specific servicedesk-variable-substitution-plugin JAR file as a temporary workaround," they advised.

Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability
2023-02-03 07:55

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 and has been described as a case of broken authentication with low attack complexity.

Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!
2022-07-21 09:21

Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible.There is no mention of these vulnerabilities being exploited in the wild, but flaws in Atlassian Confluence are often leveraged by attackers.

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
2022-04-22 22:52

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph.

Atlassian fixes critical Jira authentication bypass vulnerability
2022-04-22 14:05

Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.Seraph is used in Jira and Confluence for handling all login and logout requests via a system of pluggable core elements.