Collaborate Disseminate
If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. About… Continue reading High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
Roughly 6,600 people — primarily current and former Government Accountability Office employees — had their data accessed, the agency said.
The post Atlassian vulnerability at fault in GAO breach appeared first on CyberScoop.
Continue reading Atlassian vulnerability at fault in GAO breach
Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions 8.5.4… Continue reading Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)
Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-147… Continue reading Atlassian fixes four critical RCE vulnerabilities, patch quickly!
Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances’ database, Greynoise is observing. The Shadowserver Foundation has also seen 30+ IP addre… Continue reading Atlassian Confluence data-wiping vulnerability exploited
Atlassian is urging enterprise administrators to update their on-premises Confluence Data Center and Server installations quickly to plug a critical security vulnerability (CVE-2023-22518) that could lead to “significant data loss if exploited by… Continue reading Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518)
A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a c… Continue reading Critical Atlassian Confluence vulnerability exploited by state-backed threat actor
Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made aware of an issue reported by a handful of customers where external attacker… Continue reading Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)
Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible. There is no mention of these vu… Continue reading Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!
According to Volexity, a webshell was discovered in Atlassian Confluence server during an incident response investigation. Volexity determined that it was a zero-day vulnerability that could execute remote code even after the latest patch was completed… Continue reading Criminal IP analysis report on zero-day vulnerability in Atlassian Confluence