As we know the latest security patches is good option.
Unfortunately, now the exploits are creating much faster as expected.
If you're forget to upgrade your infra please do it. Otherwise it is too risky to have not latest releases.
If you want find the exploit to review your infra you can find in github the exploit.
Not so long time ago, one of my customer lost an infrastructure of CI/CD and Jira instances.
Because the attack was used 1 vuln app for Jira 8.5, and then made a privileges escalation trick from jira user to root, and uploaded the shell code.
And after instance by instance was used for spamming, crypto mining and after ciphering backups (good idea btw).
Please, be aware if you instance exposed through internet.
Don't be shy and do upgrades, and improve upgrade procedure.
P.S. I think time to upgrade to latest your Atlassian products includes apps as well :) Except cloud :)
Gonchik TsymzhitovCommunity Leader
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event