A threat offer to sell a zero-day exploit for Atlassian’s Jira in a underground forum. This exploit can be used on the latest version of Jira desktop app and Jira integrated with Confluence. According to the offer, It does not require any login credentials and can also work with Okta Single Sign-On (SSO), making it more impactful.
Microsoft cybersecurity researchers found that the "Storm-0501" ransomware group is targeting hybrid cloud environments. Storm-0501 Attacking Cloud Environments: Storm-0501 is...
To improve cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has partnered with international agencies to release a guide on...
Exploit Type: Zero-day Remote Code Execution (RCE)
Target: Atlassian Jira (latest desktop version and integrated with Confluence)
Login Requirement: None
SSO Compatibility: Okta SSO
Price: 800,000 XMR (Monero)
If the claim to be true, this exploit is a major security threat due to the widespread use of Jira and Confluence in corporate environments for project management and collaboration.
(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)