Hi!
As we know the latest security patches is good option.
Unfortunately, now the exploits are creating much faster as expected.
If you're forget to upgrade your infra please do it. Otherwise it is too risky to have not latest releases.
Windows:
Linux:
If you want find the exploit to review your infra you can find in github the exploit.
Not so long time ago, one of my customer lost an infrastructure of CI/CD and Jira instances.
Because the attack was used 1 vuln app for Jira 8.5, and then made a privileges escalation trick from jira user to root, and uploaded the shell code.
And after instance by instance was used for spamming, crypto mining and after ciphering backups (good idea btw).
Please, be aware if you instance exposed through internet.
Conclusion:
Don't be shy and do upgrades, and improve upgrade procedure.
P.S. I think time to upgrade to latest your Atlassian products includes apps as well :) Except cloud :)
Cheers,
Gonchik Tsymzhitov
Gonchik Tsymzhitov
Solution architect | DevOps
:)
Cyprus, Limassol
175 accepted answers
2 comments