1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Atlassian is suffering a whole bunch of awful security issues

    From TechnologyDaily@1337:1/100 to All on Thu Jul 21 15:30:03 2022
    Atlassian is suffering a whole bunch of awful security issues

    Date:
    Thu, 21 Jul 2022 14:20:32 +0000

    Description:
    Patches have been issued and users warned, but fixes still need to be applied manually.

    FULL STORY ======================================================================

    Users of several popular Atlassian products, including Jira, Confluence, and Bamboo could be vulnerable to two high-severity vulnerabilities that allow remote code execution and escalation of privilege.

    As reported by The Register , Atlassian recently issued a warning, which details Servlet Filter dispatcher vulnerabilities.

    The first vulnerability is tracked as CVE-2022-26136, an arbitrary Servlet Filter bypass, allowing threat actors to bypass custom Servlet Filters that third-party apps use for authentication. All theyd need to do is send a custom, malicious HTTP request. How deep the rabbit hole goes

    While Atlassian says it has now fixed the issue, this is only the case for some of its products, with the full extent of the vulnerability is still unknown.

    "Atlassian has released updates that fix the root cause of this
    vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability," the security advisory reads .

    Furthermore, the company explained how the same flaw could be used in a cross-site scripting attack. By using a custom HTTP request, a threat actor can bypass the Servlet Filter that validates authentic Atlassian Gadgets. "An attacker that can trick a user into requesting a malicious URL can execute arbitrary JavaScript in the user's browser," the company said. Read more

    Major Atlassian Confluence vulnerability now under attack


    Atlassian orders customers to cut internet access to Confluence after
    critical bug discovered


    Here's our list of the best antivirus tools right now

    The second vulnerability is tracked as CVE-2022-26137, and is described as a cross-origin resource sharing (CORS) bypass.

    "Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass, Atlassian said. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim's permissions."

    While these two flaws were found in a handful of Atlassian products, there
    was one more, found only in Confluence. The CVE-2022-26138 flaw is, in fact,
    a hard-coded password, set up to help cloud migrations.

    The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to
    users in the confluence-users group, the company concluded.

    The cloud versions of Atlassian products have been patched, it was said,
    while those hosted on corporate endpoints need to be updated manually. Here's our take on the best endpoint protection services right now

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/atlassian-is-suffering-a-whole-bunch-of-awful-s ecurity-issues/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)