• Atlassian customers told to patch critical Jira vulnerability

    From TechnologyDaily@1337:1/100 to All on Thu Jul 22 15:15:04 2021
    Atlassian customers told to patch critical Jira vulnerability

    Date:
    Thu, 22 Jul 2021 14:10:36 +0000

    Description:
    Critical Jira vulnerability could allow threat actors to remotely run arbitrary code on the instances.

    FULL STORY ======================================================================

    Atlassian has disclosed a critical vulnerability that could allow remote
    attackers to execute arbitrary code in some Jira Data Center products.

    The vulnerability, tracked as CVE-2020-36239, exists in Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center products.

    The vulnerability is the result of a missing authentication flaw in Jira's implementation of Ehcache, which is a widely used open source cache that's
    used by Java applications to enhance performance and scalability.

    Last month, cybersecurity researchers from Check Point Research found
    security flaws in Atlassian's collaboration software and developer tools, which could potentially be exploited to launch a SolarWinds-like supply-chain attack.

    Critical flaw

    Exploiting the newly patched flaw in the Jira Data Center products, remote attackers could connect to Ehcache's RMI (remote method invocation) ports without being asked for any authentication information, giving them the opportunity to execute arbitrary code of their choice in Jira via object deserialization.

    In an email announcement seen by BleepingComputer, Atlassian is urging its enterprise customers to upgrade to the patched versions of these products without delay.

    Atlassian has also published workarounds for customers who can't immediately update the affected instances, which basically involve restricting access to the Ehcache RMI ports on the affected products to only cluster instances.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/atlassian-customers-told-to-patch-critical-jira-vulnerability/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
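
An added example, not part of the original story or Atlassian's guidance: a check a defender could run on a cluster node to confirm the workaround holds, by flagging established connections to the Ehcache RMI ports whose peer is not a cluster node. The port numbers, node addresses and socket listing are assumptions and constructed sample data; take the real values from your own cluster configuration.

```python
import ipaddress

# Assumed values, not from the article: confirm the Ehcache RMI ports and
# node addresses against your own Jira Data Center cluster configuration.
EHCACHE_RMI_PORTS = {40001, 40011}
CLUSTER_NODES = ["10.0.5.11", "10.0.5.12", "10.0.5.13"]

# Constructed sample of `ss -Htn state established` output from one node
# (columns: Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS_OUTPUT = """\
0 0 10.0.5.11:40001 10.0.5.12:51544
0 0 [::ffff:10.0.5.11]:40011 [::ffff:10.0.5.13]:38122
0 0 10.0.5.11:40001 203.0.113.77:60210
0 0 10.0.5.11:8080 198.51.100.9:44321
0 0 [fd00::11]:40011 [fd00::99]:41000
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
    # Java sockets are often dual-stack, so IPv4 peers can appear IPv4-mapped.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return ip, int(port)


def unexpected_rmi_peers(ss_output, cluster_nodes, rmi_ports=EHCACHE_RMI_PORTS):
    """Return sorted (peer, local_port) pairs for non-cluster peers on RMI ports."""
    allowed = {ipaddress.ip_address(node) for node in cluster_nodes}
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            _, local_port = split_endpoint(fields[-2])
            peer_ip, _ = split_endpoint(fields[-1])
        except ValueError:
            continue  # header line or a wildcard such as '*'
        if local_port in rmi_ports and peer_ip not in allowed:
            findings.add((str(peer_ip), local_port))
    return sorted(findings)


if __name__ == "__main__":
    for peer, port in unexpected_rmi_peers(SAMPLE_SS_OUTPUT, CLUSTER_NODES):
        print(f"non-cluster peer {peer} connected to Ehcache RMI port {port}")
```

An empty result only shows that no outside peer is connected at that moment; the firewall or security-group rule limiting these ports to cluster nodes is still the control.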