
Atlassian patches batch of critical vulnerabilities across multiple products

Atlassian has addressed a hardcoded credential flaw in Questions for Confluence and servlet filter bypasses in multiple other products.

The Australian vendor of software development and collaboration tools issued security advisories with instructions for applying updates and mitigations yesterday (July 20).

Servlet filter bypasses

The servlet filter bypass flaws affect multiple versions of Bamboo Server and Data Center, Bitbucket Server and Data Center, Confluence Server and Data Center, Crowd Server and Data Center, Fisheye and Crucible, Jira Server and Data Center, and Jira Service Management Server and Data Center.

Fixes have been deployed to Atlassian Cloud sites.

Servlet filters intercept and process HTTP requests before a client request is sent to a backend resource, and from a backend resource before they’re sent to a client.

A vulnerability tracked as CVE-2022-26136 allowed an unauthenticated attacker to bypass servlet filters used by as-yet unspecified first- and third-party apps.

The impact depends on which filters an app uses and how they are used, said Atlassian.

“Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences,” reads the security advisory.

Atlassian has ascertained that unauthenticated attackers could send a specially crafted HTTP request to bypass custom servlet filters that third-party apps use to enforce authentication, or to bypass the servlet filter used to validate legitimate Atlassian Gadgets and thereby achieve cross-site scripting (XSS).

Another vulnerability allows an unauthenticated attacker to cause additional servlet filters to be invoked when the application processes requests or responses (CVE-2022-26137).

Atlassian said it has addressed the only known, related security issue – a cross-origin resource sharing (CORS) bypass whereby a specially crafted HTTP request could invoke the servlet filter used to respond to CORS requests.

Questions for Confluence

The hardcoded credential in Questions for Confluence, a forum-style app for enterprise wiki platform Confluence, is created for a user account with the username disabledsystemuser, which supports administrators in migrating data from the app to Confluence Cloud.

The disabledsystemuser account “is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default”, reads the corresponding security advisory.

“A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to.”

“While Atlassian has not received any reports of this issue being exploited in the wild, the hardcoded password is trivial to obtain,” said Atlassian.


The flaw (CVE-2022-26138) applies when the Questions for Confluence app is enabled on Confluence Server or Data Center. Confluence Cloud is unaffected.

Atlassian has warned that uninstalling the Questions for Confluence app does not by itself remediate the vulnerability, since doing so fails to remove the disabledsystemuser account.

Instead, users must either manually deactivate or delete the account, or update Questions for Confluence to version 2.7.38 or 3.0.5, which removes the account and stops creating it.

Users can determine whether the flaw has been exploited on their instance by reviewing users’ last logon times. “If the last authentication time for disabledsystemuser is null, that means the account exists but no one has ever logged into it,” said Atlassian.
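The check Atlassian describes, as an added example that is not part of the original article or of any Atlassian tooling: given an administrator's export of usernames and last-authentication times (the CSV layout below is a constructed assumption, not Atlassian's own export format), it reports whether the disabledsystemuser account is absent, present but never logged into, or present with a recorded login that warrants investigation.

```python
import csv
import io
from typing import Dict, Optional

# Constructed sample export of Confluence users. Assumption: an administrator
# has exported each username with its last-authentication timestamp; an empty
# value stands for the "null" last authentication time mentioned in the advisory.
SAMPLE_EXPORT = """username,last_authenticated
admin,2022-07-19T08:12:44Z
jsmith,2022-07-20T11:03:01Z
disabledsystemuser,
"""

# Account created by the Questions for Confluence app (CVE-2022-26138).
SUSPECT_ACCOUNT = "disabledsystemuser"


def parse_export(text: str) -> Dict[str, Optional[str]]:
    """Map each username to its last-authentication timestamp (None if empty)."""
    users: Dict[str, Optional[str]] = {}
    for row in csv.DictReader(io.StringIO(text)):
        value = (row.get("last_authenticated") or "").strip()
        users[row["username"].strip()] = value or None
    return users


def assess(users: Dict[str, Optional[str]]) -> str:
    """Classify the instance following the advisory's guidance.

    absent          - the account is not present; nothing to remediate
    present-unused  - the account exists but has never been logged into;
                      deactivate or delete it, or update the app
    present-used    - the account has an authentication time, so someone
                      has logged in with it; review who and when
    """
    if SUSPECT_ACCOUNT not in users:
        return "absent"
    if users[SUSPECT_ACCOUNT] is None:
        return "present-unused"
    return "present-used"


if __name__ == "__main__":
    print(assess(parse_export(SAMPLE_EXPORT)))
```

A recorded login does not by itself prove compromise, since the account exists to support a migration an administrator may have run legitimately; it does mean the login should be matched against known administrative activity before the account is removed.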

Source: https://portswigger.net/daily-swig/atlassian-patches-batch-of-critical-vulnerabilities-across-multiple-products
