A threat offer to sell a zero-day exploit for Atlassian’s Jira in a underground forum. This exploit can be used on the latest version of Jira desktop app and Jira integrated with Confluence. According to the offer, It does not require any login credentials and can also work with Okta Single Sign-On (SSO), making it more impactful.
CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as...
On November 26th, Microsoft patched four vulnerabilities detected in Dynamics 365 Sales, the Partner.Microsoft.Com portal, Microsoft Copilot Studio and Azure...
SL Data Services/Propertyrec, an information research provider exposes a non-password-protected database containing more than 600K records according to the security...
Exploit Type: Zero-day Remote Code Execution (RCE)
Target: Atlassian Jira (latest desktop version and integrated with Confluence)
Login Requirement: None
SSO Compatibility: Okta SSO
Price: 800,000 XMR (Monero)
If the claim to be true, this exploit is a major security threat due to the widespread use of Jira and Confluence in corporate environments for project management and collaboration.
(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)