#jira

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.

Red Hat Security Advisory 2022-5004-01 - Red Hat OpenShift Service Mesh is a Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-5556-01 - Logging Subsystem 5.4.3 has security updates. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-5704-01 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a privilege escalation vulnerability.

IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.

A hardcoded password associated with the Questions for Confluence app has been publicly released, which will likely lead to exploit attempts that give cyberattackers access to all Confluence content.

The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.

Jira, Bamboo, Bitbucket, Confluence, Fisheye/Crucible, and Questions for Confluence affected

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "