You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
As we know the latest security patches is good option.
Unfortunately, now the exploits are creating much faster as expected.
If you're forget to upgrade your infra please do it. Otherwise it is too risky to have not latest releases.
If you want find the exploit to review your infra you can find in github the exploit.
Not so long time ago, one of my customer lost an infrastructure of CI/CD and Jira instances.
Because the attack was used 1 vuln app for Jira 8.5, and then made a privileges escalation trick from jira user to root, and uploaded the shell code.
And after instance by instance was used for spamming, crypto mining and after ciphering backups (good idea btw).
Please, be aware if you instance exposed through internet.
Don't be shy and do upgrades, and improve upgrade procedure.
P.S. I think time to upgrade to latest your Atlassian products includes apps as well :) Except cloud :)
Solution architect | DevOps
170 accepted answers