On Wednesday November 6, 2019, Atlassian announced two critical severity vulnerabilities that affect Jira Service Desk and Data Center products (CVE-2019-15003 and CVE-2019-15004). In certain cases, this vulnerability allows an attacker to view all issues within all Jira projects contained in the vulnerable instance. Atlassian views this as a critical vulnerability, requiring immediate attention. Atlassian Cloud instances have already been upgraded to a version of Jira Service Desk which does not have the issue described on this page. Customers who have upgraded Jira Service Desk Server… read more

See What’s New! Atlassian recently announced the Enterprise Release of Jira 8.5 and Jira Service Desk 4.5. These releases are targeted at the largest Server and Data Center organizations who value stability above all else due to the complexity of their configurations. As such, they have been subjected to rigorous performance and scalability testing and contain backported bug fixes and security updates for long-term support. Enterprise releases are ideal for customers who plan to upgrade… read more

On Wednesday September 18, 2019, Atlassian announced a critical “argument injection vulnerability.” In certain cases, this vulnerability allows a remote user an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git repository in Bitbucket Server or Bitbucket Data Center. If public access is enabled for a project or repository, then attackers are able… read more

On Wednesday September 18, 2019, Atlassian announced a critical “template injection vulnerability” in the Jira Importers Plugin that is included with the distribution of Jira and Jira Data Center. In certain cases, this vulnerability allows a remote user with “Jira Administrator” permission to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. Note: This includes Jira Software, Jira Core Server, and Jira Service Desk and their Data Center counterparts. What… read more

On Wednesday September 18, 2019, Atlassian announced a critical “URL path traversal allows information disclosure” vulnerability in Jira Service Desk Server and Jira Service Desk Data Center. By design, Jira Service Desk gives Customer Portal users permission only to raise requests and view issues. This allows users to interact with the Customer Portal without having direct access to the Jira Agent view for the Project, other Projects or other underlying functions in Jira. These restrictions… read more

This short eBook identifies the features that Slack integrates with each of these Incident Management applications.… read more