Atlassian Patches Servlet Filter Vulnerabilities Impacting Multiple Products

By Orbit Brain, July 22, 2022 (original reporting by Ionut Arghire, July 21, 2022)

Atlassian this week announced patches for two critical Servlet Filter vulnerabilities that impact multiple products across its portfolio.

Servlet Filters are pieces of Java code designed to intercept and process HTTP requests sent between a client and a backend. Servlet Filters can provide security mechanisms such as auditing, authentication, logging, or authorization.

Tracked as CVE-2022-26136 and described as a Servlet Filter bypass, the first of the issues could allow a remote, unauthenticated attacker to send a specially crafted HTTP request and authenticate to third-party apps, or to launch a cross-site scripting (XSS) attack to execute JavaScript code in a user's browser.

The second vulnerability, CVE-2022-26137, may cause additional Servlet Filters to be invoked during the processing of requests and responses, leading to a cross-origin resource sharing (CORS) bypass.
A remote, unauthenticated attacker could exploit the flaw to access the vulnerable application.

The issues, the company says, impact Bamboo Server and Data Center, Bitbucket Server and Data Center, Confluence Server and Data Center, Crowd Server and Data Center, Fisheye and Crucible, Jira Server and Data Center, and Jira Service Management Server and Data Center.

Atlassian says it has released patches for all the impacted products and encourages users to update their installations as soon as possible.

This week, the company also announced software updates that resolve a critical vulnerability in the Questions for Confluence application running on Confluence Server or Data Center.

Questions for Confluence is a knowledge sharing application that helps Confluence users find information, share their knowledge with others, and connect with experts to resolve specific issues faster.

On Wednesday, Atlassian warned that, when enabled on Confluence Server and Data Center, the application creates a user account with hardcoded credentials. Tracked as CVE-2022-26138, the bug is considered "critical severity."

Having the username disabledsystemuser and a hardcoded password, the Confluence user account is also added to the confluence-users group, meaning that it has access to non-restricted pages within Confluence.

"A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to," Atlassian warns.

The flaw impacts Questions for Confluence versions 2.7.34, 2.7.35, and 3.0.2.
Users can verify whether their Confluence deployments are impacted by searching for the disabledsystemuser user or the associated email address [email protected].

Atlassian also points out that the user account is not removed when uninstalling the Questions for Confluence application and that it needs to be disabled or deleted manually.

The issue has been resolved with the release of Questions for Confluence versions 2.7.38 (compatible with Confluence 6.13.18 through 7.16.2) and 3.0.5 (compatible with Confluence 7.16.3 and later). Upgrading to these application versions removes the disabledsystemuser user account if it had been created previously.

Atlassian says it has not received reports of this vulnerability being exploited in attacks.

Related: Atlassian Patches Confluence Zero-Day as Exploitation Attempts Surge
Related: Atlassian Confluence Servers Hacked via Zero-Day Vulnerability
Related: Atlassian Patches Critical Authentication Bypass Vulnerability in Jira
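The two checks the article describes for CVE-2022-26138 (is the installed Questions for Confluence version one of the affected releases, and does the disabledsystemuser account still exist and sit in confluence-users) can be scripted. The following is an example added here for illustration; it is not Atlassian's tooling and not code from the article. The version numbers are the ones the advisory lists above; the user records are constructed sample data, and their field names (username, active, groups) are an assumption that should be adapted to whatever your user export or API response actually contains.

```python
"""Defender-side checks for the Questions for Confluence hardcoded account
(CVE-2022-26138). Added example, not Atlassian's own code."""
from typing import Dict, List, Tuple

# Affected and fixed releases, as stated in the advisory summary above.
AFFECTED_VERSIONS = {(2, 7, 34), (2, 7, 35), (3, 0, 2)}
FIXED_VERSIONS = {(2, 7): (2, 7, 38), (3, 0): (3, 0, 5)}  # per version line

HARDCODED_USERNAME = "disabledsystemuser"
SENSITIVE_GROUP = "confluence-users"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.7.34' into (2, 7, 34) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def questions_status(installed: str) -> str:
    """Classify an installed Questions for Confluence version.

    Returns 'affected; upgrade to X' for the listed vulnerable releases,
    'fixed' for the fixed release or anything later on the same line, and
    'unknown' for versions the advisory does not cover (treat conservatively).
    """
    version = parse_version(installed)
    fixed = FIXED_VERSIONS.get(version[:2])
    if version in AFFECTED_VERSIONS:
        return "affected; upgrade to " + ".".join(str(n) for n in fixed)
    if fixed is not None and version >= fixed:
        return "fixed"
    return "unknown"


def find_hardcoded_account(users: List[Dict]) -> List[str]:
    """Report any record whose username matches the hardcoded account.

    Each finding states whether the account is still enabled and whether it is a
    member of confluence-users, which is what gives it read access to
    non-restricted pages. Field names are assumed; adapt to your export.
    """
    findings = []
    for user in users:
        if user.get("username", "").lower() != HARDCODED_USERNAME:
            continue
        state = "enabled" if user.get("active", False) else "disabled"
        member = SENSITIVE_GROUP in user.get("groups", [])
        findings.append(
            f"{user['username']}: account {state}; "
            f"{'member' if member else 'not a member'} of {SENSITIVE_GROUP}"
        )
    return findings


# Constructed sample user records (not from any real instance).
SAMPLE_USERS = [
    {"username": "alice", "active": True, "groups": ["confluence-users"]},
    {"username": "disabledsystemuser", "active": True, "groups": ["confluence-users"]},
]

if __name__ == "__main__":
    for v in ("2.7.34", "3.0.2", "3.0.5", "2.7.36"):
        print(v, "->", questions_status(v))
    for finding in find_hardcoded_account(SAMPLE_USERS):
        print("finding:", finding)
```

A version reported as "unknown" (for example a release between 2.7.35 and 2.7.38) is not confirmed safe by the advisory text; the account search is the authoritative check in that case, and, as the article notes, uninstalling the app does not remove the account, so a finding should be acted on regardless of the version result.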