all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Understanding the Recent Confluence Vulnerability (CVE-2023-22515) and Digging into Atlassian Bamboo

Add to bookmarks
Oct. 20, 2023, 1:03 p.m. | Emmaline

Blog - Praetorian www.praetorian.com

Overview Recently, Rapid7 disclosed a vulnerability within Confluence that allowed a remote unauthenticated attacker to create a new administrative user account by bypassing the XWork SafeParameterFilter functionality. Our vulnerability research team decided to take a look at another Atlassian product, Atlassian Bamboo, to determine if a similar vulnerability existed within that application. In this post, […]


The post Understanding the Recent Confluence Vulnerability (CVE-2023-22515) and Digging into Atlassian Bamboo appeared first on Praetorian.

account atlassian attacker bamboo bypassing confluence confluence vulnerability cve cve-2023-22515 labs product rapid7 research team unauthenticated understanding vulnerability vulnerability research vulnerability research team

Visit resource

More from www.praetorian.com / Blog - Praetorian

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 1 week, 1 day ago | www.praetorian.com
ant application customers cve +21
MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 2 months ago | www.praetorian.com
article can cross-site cswsh +17
Exploiting Kubernetes through Operator Injection 2 months, 3 weeks ago | www.praetorian.com
application applications attack attackers +20
Relution Remote Code Execution via Java Deserialization Vulnerability 3 months ago | www.praetorian.com
application article can clients +26
Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 3 months, 2 weeks ago | www.praetorian.com
attack cd security ci compromise +5
Understanding the Impact of the new Apache Struts File Upload Vulnerability 4 months, 3 weeks ago | www.praetorian.com
abuse apache apache struts bug +23
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 4 months, 3 weeks ago | www.praetorian.com
authentication authentication bypass bypass code +19
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 4 months, 4 weeks ago | www.praetorian.com
analysis application code code execution +17
Why Azure B2C ROPC Custom Flows Are Inherently Insecure 5 months ago | www.praetorian.com
active directory administrators api authentication +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cybersecurity Consultant

@ Devoteam | Cité Mahrajène, Tunisia
View on infosec-jobs.com

GTI Manager of Cybersecurity Operations

@ Grant Thornton | Phoenix, AZ, United States
View on infosec-jobs.com

(Senior) Director of Information Governance, Risk, and Compliance

@ SIXT | Munich, Germany
View on infosec-jobs.com

Information System Security Engineer

@ Space Dynamics Laboratory | North Logan, UT
View on infosec-jobs.com

Intelligence Specialist (Threat/DCO) - Level 3

@ Constellation Technologies | Fort Meade, MD
View on infosec-jobs.com

Cybersecurity GRC Specialist (On-site)

@ EnerSys | Reading, PA, US, 19605
View on infosec-jobs.com
View more jobs