Authorization Vulnerability in Atlassian Confluence (CVE-2023-22518)

Posted on October 31, 2023 in Services & System Applications

An authorization vulnerability exploitable by unauthenticated users has been discovered in Atlassian Confluence, and has been assigned a bug alert severity of 'very high'. Exploitation of the vulnerability can cause substanial data loss. Atlassian recommends removing installations from the Internet immediately if they cannot be patched.


Continue reading

Privilege Escalation in Atlassian Confluence (CVE-2023-22515)

Posted on October 04, 2023 in Services & System Applications

A privilege escalation flaw has been found, and is being actively exploited, in Atlassian Confluence, and has been assigned a bug alert severity of 'very high'. Atlassian recommends removing installations from the Internet immediately if they cannot be patched.


Continue reading

Testing International Call and SMS Support via Twilio

Posted on November 09, 2022 in Test

This is a test notice, which you have opted in to. Bug Alert has completed integrating Twilio support for international calls and SMS. Save our phone number to your contacts!


Continue reading

Multiple Vulnerabilities in Atlassian Products (CVE-2022-26136, CVE-2022-26137, CVE-2022-26138)

Posted on July 20, 2022 in Services & System Applications

Multiple Vulnerabilities have been disclosed in Atlassian Products. A hardcoded credential vulnerability in Questions for Confluence, and Servlet Filter Bypass Vulnerabilities have been found in multiple Atlassian products that may enable Authentication Bypasses, XSS Attacks, and CORS attacks. These vulnerabilities have been assigned a bug alert severity of 'very high'. Atlassian recommends patching affected installations immediately.


Continue reading

Unauthenticated Remote Code Execution in Atlassian Confluence (CVE-2022-26134)

Posted on June 02, 2022 in Services & System Applications

An unauthenticated remote code execution flaw has been found, and is being actively exploited, in Atlassian Confluence, and has been assigned a bug alert severity of 'very high'. Atlassian recommends removing installations from the Internet immediately.


Continue reading

Remote Code Execution in Microsoft Office Products for Windows

Posted on May 30, 2022 in End-User Applications

A remote code execution vulnerability, dubbed 'Follina', has been found in Microsoft Office via Microsoft Support Diagnostic Tool (MSDT). This issue can be exploited in the default configuration on Windows, and only requires the user be tricked into downloading a malicious file. There is no patch. This issue has been assigned a bug alert severity of 'high'.


Continue reading

Authentication Bypass in Atlassian Jira (CVE-2022-0540)

Posted on April 20, 2022 in Services & System Applications

An authentication bypass vulnerability has been found in Atlassian Jira. This issue can be exploited in the default configuration, and has been assigned a bug alert severity of 'very high'.


Continue reading

Confirmed remote code execution (RCE) in Spring Core, an extremely popular Java framework (CVE-2022-22965)

Posted on March 30, 2022 in Software Frameworks, Libraries, and Components

Praetorian has confirmed that a remote code execution vulnerability exists in Spring, an extremely popular Java framework. How broadly this impacts the Spring ecosystem remains unclear. The flaw has been assigned a bug alert severity of 'critical'.


Continue reading

Advanced warning: possible remote code execution (RCE) in Spring, an extremely popular Java framework

Posted on March 29, 2022 in Software Frameworks, Libraries, and Components

An unconfirmed, but possible, remote code execution vulnerability is believed to exist in Spring, an extremely popular Java framework. This issue is likely easily exploited in common configurations. If confirmed, another notice will be sent out with a severity of 'critical'. While unconfirmed, the severity has been assigned 'high'.


Continue reading

Unauthenticated user impersonation (auth bypass) in SAP

Posted on February 08, 2022 in Services & System Applications

A request smuggling issue in SAP NetWeaver, SAP Content Server, and SAP Web Dispatcher allows unauthenticated user impersonation. These systems are commonly Internet-facing. The flaw has been assigned a bug alert severity of 'critical', and the vendor has supplied patches.


Continue reading