
Cloud Vulnerability DB
Eine von der Community geführte Datenbank für Schwachstellen
A critical vulnerability (CVE-2022-26136) discovered in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third-party apps. The vulnerability affects multiple Atlassian Server and Data Center products including Bamboo, Bitbucket, Confluence, Crowd, Fisheye and Crucible, Jira, and Jira Service Management. Atlassian Cloud sites are not affected as patches have been deployed (Atlassian Advisory).
The vulnerability exists in how Atlassian products implement Servlet Filters, which are used to intercept and process HTTP requests before they reach backend resources. A Servlet Filter can provide security mechanisms such as authentication, authorization, logging, and auditing. The vulnerability allows attackers to bypass these filters through specially crafted HTTP requests. The CVSS v3.1 base score is 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).
The vulnerability can lead to multiple security impacts: authentication bypass where attackers can bypass custom Servlet Filters used by third-party apps to enforce authentication, cross-site scripting (XSS) by bypassing the Servlet Filter used to validate legitimate Atlassian Gadgets, and cross-origin resource sharing (CORS) bypass allowing attackers to access vulnerable applications with victim's permissions (Arctic Wolf).
Atlassian has released security patches for all affected products and versions. There are no known workarounds, and updating to the fixed versions is required to remediate the vulnerability. Organizations should upgrade to the latest versions specified in the security advisory. For Confluence Server and Data Center users who previously upgraded during the June 2022 advisory, no additional action is needed as the fix was included in those releases (Atlassian FAQ).
Quelle: Dieser Bericht wurde mithilfe von KI erstellt
Kostenlose Schwachstellenbewertung
Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.
Eine personalisierte Demo anfordern
"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"