Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!

Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible.

There is no mention of these vulnerabilities being exploited in the wild, but flaws in Atlassian Confluence are often leveraged by attackers.

CVE-2022-26138 affects the Questions for Confluence app, which is deployed and used by some Confluence Server and Data Center customers.

Because of this, and because uninstalling the app does not automatically remove the disabledsystemuser account, AND because it’s possible the account has been previously created by a version of the app that has been installed and uninstalled, Atlassian urges customers to check whether that active user account is present and to disable or delete it before or after updating to a non-vulnerable version of the app.

“These vulnerabilities affect the code included with each affected product. Systems are still affected even if they do not have any third-party apps installed,” Atlassian added.

“Unfortunately, Atlassian cannot confirm if an instance has been compromised. Please involve the local security team or a specialist security forensics firm for further investigation. Atlassian recommends checking the integrity of the application filesystem, for example, comparison of artifacts in their current state with recent backups to see if there are any unexpected differences. All security compromises are different, and there is a risk that an attacker could hide their footprint and change important files such as depending on the component that has been compromised.”

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

This field is for validation purposes and should be left unchanged.
Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

This site is registered on wpml.org as a development site.