Atlassian Vulnerability Alerts

Urgent: Critical Vulnerability Found in Bitbucket Products

On Wednesday September 18, 2019, Atlassian announced a critical “argument injection vulnerability.” In certain cases, this vulnerability allows a remote attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git repository in… read more

Urgent: Critical Vulnerability Found in Jira Products

On Wednesday September 18, 2019, Atlassian announced a critical “template injection vulnerability” in the Jira Importers Plugin that is included with the distribution of Jira and Jira Data Center. In certain cases, this vulnerability allows a remote user with “Jira Administrator” permission to remotely execute code on systems that run a vulnerable version of Jira Server… read more

Urgent: Critical Vulnerability Found in Jira Service Desk Products

On Wednesday September 18, 2019, Atlassian announced a critical “URL path traversal allows information disclosure” vulnerability in Jira Service Desk Server and Jira Service Desk Data Center. By design, Jira Service Desk gives Customer Portal users permission only to raise requests and view issues. This allows users to interact with the Customer Portal without having… read more

Urgent: Serious Vulnerability Found in Confluence Server and Data Center Products

By Dave Theodore, Atlassian Team Manager

On Wednesday August 28, 2019, Atlassian announced a critical “Confluence Local File Disclosure.” In certain cases, this vulnerability allows a remote user to view the contents of files on the Confluence server file system. Some configurations of Confluence may have files with embedded credentials that can be exposed… read more

Urgent: Serious Vulnerability Found in Jira Server and Data Center Products

By Ryan Skarra-Gallagher, Senior Systems Engineer

On Wednesday July 10, 2019, Atlassian announced a critical “Template Injection” vulnerability in Jira Server and Data Center products. In certain cases, this vulnerability allows remote code execution. What you need to know… Versions affected: This vulnerability affects most versions of Jira, from 4.4.X through 8.2.X. Versions already fixed:… read more