Understanding the Recent Confluence Vulnerability (CVE-2023-22515) and Digging into Atlassian Bamboo | allinfosecnews.com

Oct. 20, 2023, 1:03 p.m. | Emmaline

Blog - Praetorian www.praetorian.com

Overview Recently, Rapid7 disclosed a vulnerability within Confluence that allowed a remote unauthenticated attacker to create a new administrative user account by bypassing the XWork SafeParameterFilter functionality. Our vulnerability research team decided to take a look at another Atlassian product, Atlassian Bamboo, to determine if a similar vulnerability existed within that application. In this post, […]

The post Understanding the Recent Confluence Vulnerability (CVE-2023-22515) and Digging into Atlassian Bamboo appeared first on Praetorian.

account atlassian attacker bamboo bypassing confluence confluence vulnerability cve cve-2023-22515 labs product rapid7 research team unauthenticated understanding vulnerability vulnerability research vulnerability research team

More from www.praetorian.com / Blog - Praetorian

Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities 1 week, 2 days ago | www.praetorian.com

actions attacker bytedance bytedance rspack +16

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 1 month, 2 weeks ago | www.praetorian.com

ant application customers cve +21

MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 3 months, 1 week ago | www.praetorian.com

article can cross-site cswsh +17

Exploiting Kubernetes through Operator Injection 3 months, 3 weeks ago | www.praetorian.com

application applications attack attackers +20

Relution Remote Code Execution via Java Deserialization Vulnerability 4 months, 1 week ago | www.praetorian.com

application article can clients +26

Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 4 months, 3 weeks ago | www.praetorian.com

attack cd security ci compromise +5

Understanding the Impact of the new Apache Struts File Upload Vulnerability 5 months, 4 weeks ago | www.praetorian.com

abuse apache apache struts bug +23

SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 6 months ago | www.praetorian.com

authentication authentication bypass bypass code +19

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 6 months ago | www.praetorian.com

analysis application code code execution +17

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com