Authentication Bypass in Atlassian Jira (CVE-2022-0540)

Posted on April 20, 2022 in Services & System Applications

An authentication bypass vulnerability has been found in Atlassian Jira. This issue can be exploited in the default configuration, and has been assigned a bug alert severity of 'very high'.


Continue reading

Local privilege escalation in pkexec, a core Linux system component

Posted on January 25, 2022 in Operating Systems

A local privilege escalation bug (from any user to root) has been found polkit's pkexec, and exploit code is available. This binary is a SUID root program available on every major Linux distro, and is most commonly installed if a GUI is present. The flaw has been assigned a bug alert severity of 'very high'.


Continue reading