
Tag

#jira

Jira Align flaws enabled malicious users to gain super admin privileges

Super admins can, among other things, modify Jira connections, reset user accounts, and modify security settings

PortSwigger
#vulnerability #intel #ssrf #aws #auth #jira
Atlassian Vulnerabilities Highlight Criticality of Cloud Services

Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk.

Red Hat Security Advisory 2022-7058-01

Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.

Red Hat Security Advisory 2022-6905-01

Red Hat Security Advisory 2022-6905-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.50. Issues addressed include a code execution vulnerability.

Suspected LAPSUS$ group member arrested in Brazil

Categories: Cybercrime, News. Tags: Brasil, Lapsus$, Telegram, Dark Web, data exfiltration, SIM jacking, arrests.

A person suspected of being a member of hacking group Lapsus$ has been arrested by Brazilian police. The post Suspected LAPSUS$ group member arrested in Brazil appeared first on Malwarebytes Labs.

CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.

Red Hat Security Advisory 2022-6801-01

Red Hat Security Advisory 2022-6801-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6805-01

Red Hat Security Advisory 2022-6805-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.36. Issues addressed include a code execution vulnerability.

GHSA-4xqx-pqpj-9fqw: gajira-create GitHub action vulnerable to arbitrary code execution

### Impact

An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.

### Patches

This issue is patched in gajira-create version 2.0.1.

### Workarounds

There are no known workarounds.

### References

[GitHub Security Lab advisory GHSL-2020-172](https://securitylab.github.com/advisories/GHSL-2020-172-gajira-create-action)