Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo

24-Jul-23

The researchers who found the hole published their comprehensive analysis of the vulnerability on Tuesday, stating that it constituted a threat vector similar to SolarWinds or the more recent 3CX and MOVEit supply chain attacks. The problem was fixed in June, but the researchers who identified the fault didn’t stop there.

The application enables users to import code from various repositories and cloud storage areas and conduct builds on Google Cloud according to their specifications. The “Bad.Build” problem was mostly caused by the permissions granted to the Cloud Build service’s default service accounts.

Read More…