1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Atlassian is being actively exploited to compromise corporate net

    From TechnologyDaily@1337:1/100 to All on Wed Oct 5 15:30:03 2022
    Atlassian is being actively exploited to compromise corporate networks

    Date:
    Wed, 05 Oct 2022 14:12:51 +0000

    Description:
    US Government urges organizations to patch their endpoints immediately.

    FULL STORY ======================================================================

    Two widely-used Atlassian Bitbucket tools - Server and Data Center, carry a high severity flaw that allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code, experts
    have warned.

    The flaw is being actively used in the wild, the US Cybersecurity and Infrastructure Agency (CISA) has noted, urging companies that use the tools
    to patch their endpoints immediately. Internet traffic analysts GreyNoise confirmed CISAs findings, saying it had found evidence of the flaw being exploited.

    The flaw is tracked as CVE-2022-36804, and was present in version 7.0.0 of both tools all the way up to version 8.3.0. Companies that are unable to
    apply the patch immediately should turn off public repositories to minimize the risk, Atlassian said. Summer patching

    The company confirmed the flaws existence in late August 2022, but this is
    not the first time this year that Atlassian had to patch major software
    flaws.

    Last summer, several of its popular products, including Jira, Confluence, and Bamboo were found to be carrying two high-severity vulnerabilities that allowed for remote code execution and privilege escalation.

    The first vulnerability is tracked as CVE-2022-26136, an arbitrary Servlet Filter bypass, allowing threat actors to bypass custom Servlet Filters that third-party apps use for authentication. All theyd need to do is send a custom, malicious HTTP request. Read more

    Atlassian orders customers to cut internet access to Confluence after
    critical bug discovered


    Atlassian is suffering a whole bunch of awful security issues


    Here are the best malware removal tools

    The second vulnerability is tracked as CVE-2022-26137, and is described as a cross-origin resource sharing (CORS) bypass.

    "Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass, Atlassian said. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim's permissions."

    While these two flaws were found in a handful of Atlassian products, there
    was one more, found only in Confluence. The CVE-2022-26138 flaw is, in fact,
    a hard-coded password, set up to help cloud migrations.

    The flaws have since been patched. These are the best firewalls around

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/atlassian-is-being-actively-exploited-to-compro mise-corporate-networks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)