CVE-2022-38367 The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks
This issue has been fixed in Jira 7.0.6 and later. Additionally, the LDAP Authenticated Users permission gives full control over the LDAP server
CVE-2022-26135 The Mobile Plugin for Jira Data Center and Server has an endpoint that can be brute-forced by a remote, authenticated user.
The vulnerability can be exploited if the user has permissions to access the ‘batch’ feature on the target server. We recommend not relying on this
CVE-2022-1940 Jira integration in GitLab EE is vulnerable to stored cross-site scripting, and is affected by versions 13.11-14.9.5, 14.10-14.10.4, and 15.0-15.0.1
The proof of concept (PoC) code is as follows: function doit() { var target = '<URL of GitLab EE>'; alert('You clicked on "' + target + '"!'); } When
CVE-2022-0540 An attacker can bypass authentication by sending a specially crafted HTTP request in Jira Seraph.
This can be exploited via the following path: /admin/config/confirm_email. By sending an email to the end user, an attacker can bypass authentication
CVE-2022-27448: Uncovering an Assertion Failure in MariaDB Server v10.9 and Below – A Deep Dive into the Vulnerability, Exploit Details, and Available Patches
A recently discovered vulnerability known as CVE-2022-27448 has raised security concerns within the web community, as it affects MariaDB Server version 10.9 and below.