Atlassian reveals critical flaws in almost everything it makes and touches

Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security.

The company’s July security advisories detail “Servlet Filter dispatcher vulnerabilities.”

One of the flaws – CVE-2022-26136 – is described as an arbitrary Servlet Filter bypass that means an attacker could send a specially crafted HTTP request to bypass custom Servlet Filters used by third-party apps to enforce authentication.

Read more…
Source: The Register