CVE-2024-21685 - Unauthenticated Information Disclosure in Jira Core Data Center (Explained + Exploit Details)
Published: June 2024
CVSS Score: 7.4 (High Severity)
Affected: Jira Core Data Center 9.4., 9.12., 9.15.
Jira Core Data Center is
CVE-2024-21401 - Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability Explained
Date discovered: February 2024
Severity: Critical
Affected product: Microsoft Entra ID (Azure AD) Jira SSO Plugin
Attack type: Elevation of Privilege (EoP)
Introduction
In early
CVE-2023-44384 - How Discourse-Jira Plugin Exposed Servers to SSRF and Data Leaks
TL;DR
CVE-2023-44384 is a critical security vulnerability in the _discourse-jira_ plugin that could let attackers abuse admin or moderation features to perform SSRF (Server-Side
CVE-2023-41932 - Exploiting the Jenkins Job Configuration History Plugin to Delete Arbitrary Directories
The software development world relies heavily on automation tools like Jenkins. Many teams use plugins to extend Jenkins’ features. But sometimes, a plugin exposes a
CVE-2023-40338 - Jenkins Folders Plugin File Path Disclosure Exploit Explained
If you’re using Jenkins for continuous integration (CI/CD), you likely depend on plugins to extend its core functionality. But plugins can sometimes introduce