Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security.
The company's July security advisories detail "Servlet Filter dispatcher vulnerabilities." One of the flaws – CVE-2022-26136 – is described as an arbitrary Servlet Filter bypass that means an attacker could send a specially crafted HTTP request to bypass custom Servlet Filters used by third-party apps to enforce authentication. The scary part is that the flaw allows a remote, unauthenticated attacker to bypass authentication used by third-party apps. The really scary part is that Atlassian doesn't have a definitive list of apps that could be impacted.
Atlassian reveals critical flaws across its product line
Fixes issued, warns it 'has not exhaustively enumerated all potential consequences'
www.theregister.com
Search Atlassian Customers & Their Stories | Atlassian
Atlassian powers teamwork at 170,000+ companies worldwide, regardless of industry or size. Search our customer case studies!
www.atlassian.com