Multiple Vulnerabilities in Atlassian Products (CVE-2022-26136, CVE-2022-26137, CVE-2022-26138)

Posted on July 20, 2022 in Services & System Applications

Multiple Vulnerabilities have been disclosed in Atlassian Products. A hardcoded credential vulnerability in Questions for Confluence, and Servlet Filter Bypass Vulnerabilities have been found in multiple Atlassian products that may enable Authentication Bypasses, XSS Attacks, and CORS attacks. These vulnerabilites have been assigned a bug alert severity of 'very high'. Atlassian recommends patching affected installations immediately.


Continue reading

Unauthenticated Remote Code Execution in Atlassian Confluence (CVE-2022-26134)

Posted on June 02, 2022 in Services & System Applications

An unauthenticated remote code execution flaw has been found, and is being actively exploited, in Atlassian Confluence, and has been assigned a bug alert severity of 'very high'. Atlassian recommends removing installations from the Internet immediately.


Continue reading

Authentication Bypass in Atlassian Jira (CVE-2022-0540)

Posted on April 20, 2022 in Services & System Applications

An authentication bypass vulnerability has been found in Atlassian Jira. This issue can be exploited in the default configuration, and has been assigned a bug alert severity of 'very high'.


Continue reading

Local privilege escalation in pkexec, a core Linux system component

Posted on January 25, 2022 in Operating Systems

A local privilege escalation bug (from any user to root) has been found polkit's pkexec, and exploit code is available. This binary is a SUID root program available on every major Linux distro, and is most commonly installed if a GUI is present. The flaw has been assigned a bug alert severity of 'very high'.


Continue reading