atlassian – Weekly Geek

Critical vulnerability in Atlassian Confluence server is under “mass exploitation”

reader comments 17 with A critical vulnerability in Atlassian’s Confluence enterprise server app that allows for malicious commands and reset servers is under active exploitation by threat actors in attacks that install ransomware, researchers said. “Widespread exploitation of the CVE-2023-22518 authentication bypass vulnerability in Atlassian Confluence Server has begun, posing a risk of significant data… Read More »

Hardcoded password in Confluence app has been leaked on Twitter

Enlarge (credit: Getty Images) What’s worse than a widely used Internet-connected enterprise app with a hardcoded password? Try said enterprise app after the hardcoded password has been leaked to the world. Atlassian on Wednesday revealed three critical product vulnerabilities, including CVE-2022-26138 stemming from a hardcoded password in Questions for Confluence, an app that allows users… Read More »