Atlassian Patches Servlet Filter Vulnerabilities Impacting Multiple Products By Orbit Brain July 22, 2022 0 308 views Dwelling › VulnerabilitiesAtlassian Patches Servlet Filter Vulnerabilities Impacting A number of MerchandiseBy Ionut Arghire on July 21, 2022TweetAtlassian this week introduced patches for 2 crucial Servlet Filter vulnerabilities that influence a number of merchandise throughout its portfolio.Servlet Filters are items of Java code designed to intercept and course of HTTP requests despatched between a shopper and a backend. Servlet Filters could supply safety mechanisms equivalent to auditing, authentication, logging, or authorization.Tracked as CVE-2022-26136 and described as a Servlet Filter bypass, the primary of the issues may enable a distant, unauthenticated attacker to ship specifically crafted HTTP request and authenticate to third-party apps, or to launch a cross-site scripting (XSS) assault, to execute JavaScript code in a person’s browser.The second vulnerability – CVE-2022-26137 – could end in extra Servlet Filters to be invoked through the processing of requests and responses, resulting in a cross-origin useful resource sharing (CORS) bypass. A distant, unauthenticated attacker could exploit the flaw to entry the weak software.The problems, the corporate says, influence Bamboo Server and Information Middle, Bitbucket Server and Information Middle, Confluence Server and Information Middle, Crowd Server and Information Middle, Fisheye and Crucible, Jira Server and Information Middle, and Jira Service Administration Server and Information Middle.Atlassian says it has launched patches for all the impacted merchandise and encourages customers to replace their installations as quickly as potential.This week, the corporate additionally introduced software program updates that resolve a crucial vulnerability within the Questions for Confluence software working on Confluence Server or Information Middle.Questions for Confluence is a data sharing software that helps Confluence customers discover data, share their data with others, and join with specialists to resolve particular points sooner.On Wednesday, Atlassian warned that, when enabled on the Confluence Server and Information Middle, the applying creates a person account with hardcoded credentials. Tracked as CVE-2022-26138, the bug is taken into account “crucial severity.”Having the username disabledsystemuser and a hardcoded password, the Confluence person account can be added to the confluence-users group, which means that it has entry to non-restricted pages inside Confluence.“A distant, unauthenticated attacker with data of the hardcoded password may exploit this to log into Confluence and entry any pages the confluence-users group has entry to,” Atlassian warns.The flaw impacts Questions for Confluence variations 2.7.34, 2.7.35, and three.0.2. Customers can confirm if their Confluence deployments are impacted by looking for the disabledsystemuser person or the related e mail deal with [email protected]Atlassian additionally factors out that the person account shouldn’t be eliminated when uninstalling the Questions for Confluence functions and that it needs to be disabled or deleted manually.The problem has been resolved with the discharge of Questions for Confluence variations 2.7.38 (suitable with Confluence 6.13.18 via 7.16.2) and three.0.5 (suitable with Confluence 7.16.three and later). Upgrading to those software iterations removes the disabledsystemuser person account if it has been created beforehand.Atlassian says it has not obtained studies of this vulnerability being exploited in assaults.Associated: Atlassian Patches Confluence Zero-Day as Exploitation Makes an attempt SurgeAssociated: Atlassian Confluence Servers Hacked by way of Zero-Day VulnerabilityAssociated: Atlassian Patches Vital Authentication Bypass Vulnerability in JiraGet the Every day Briefing Most LatestMost LearnUnderstanding the Evolution of Cybercrime to Predict its FutureRomanian Operator of Bulletproof Internet hosting Service Extradited to the USAnvilogic Scores $25 Million Collection B to Deal with SOC ModernizationUSCYBERCOM Releases IoCs for Malware Concentrating on UkraineAtlassian Patches Servlet Filter Vulnerabilities Impacting A number of MerchandiseExploitation of Latest Chrome Zero-Day Linked to Israeli Spyware and adware FirmA whole lot of ICS Vulnerabilities Disclosed in First Half of 2022Cisco Patches Extreme Vulnerabilities in Nexus DashboardMachine Identification Administration Agency AppViewX Raises $20 MillionApple Ships Pressing Safety Patches for macOS, iOSSearching for Malware in All of the Fallacious Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Laptop Says About YouBe in a Place to Act By way of Cyber Situational ConsciousnessReport Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice 12 months To Be a Scammer.Do not Let DNS be Your Single Level of FailureThe right way to Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EnticingThe right way to Defend Towards DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseShare this:FacebookXPrintEmailLinkedInRedditTwitterTumblrPinterestTelegramWhatsApp Atlassian authentication bypass CVE-2022-26136 CVE-2022-26137 CVE-2022-26138 hardcoded credentials patch Questions for Confluence Servlet Filter vulnerability Orbit Brainhttps://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy waysand much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
FBI Warns of Fraudulent Crypto Investment ApplicationsIntroducing the Cyber Security News FBI Warns of Fraudulent Crypto Investment Applications.... July 19, 2022 Cyber Security News
Air France, KLM Customers Warned of Loyalty Program Account HackingIntroducing the Cyber Security News Air France, KLM Customers Warned of Loyalty Program Account Hacking.... January 9, 2023 Cyber Security News
Supply Chain Attack Technique Spoofs GitHub Commit MetadataIntroducing the Cyber Security News Supply Chain Attack Technique Spoofs GitHub Commit Metadata.... July 16, 2022 Cyber Security News
BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million CustomersIntroducing the Cyber Security News BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers.... December 23, 2022 Cyber Security News
Chinese Hackers Target Building Management SystemsIntroducing the Cyber Security News Chinese Hackers Target Building Management Systems.... June 28, 2022 Cyber Security News
How a Recession Will Affect CISOs?Introducing the Cyber Security News How a Recession Will Affect CISOs?.... January 10, 2023 Cyber Security News
Pantera Capital Plans $250M Solana (SOL) Buy, Analyst Predicts Record Rally Toward $1000March 8, 2024 74