Security Vulnerability CVE-2021-42574 Mitigation

Mayuresh Sakharape
Contributor
November 22, 2021

Hello everyone,

How you guys are mitigating Security Vulnerability CVE-2021-42574? I am still unable to understand the risk, impact and mitigation done by Atlassian. Is there any other workaround than upgrade?

Kind Regards,

Mayuresh

1 comment

Comment

Log in or Sign up to comment
Peter-Dave Sheehan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 22, 2021

Here is a nice blog post about it: https://www.adaptavist.com/blog/trojan-codes-in-atlassian-products-and-scriptrunner

The main takeaway for me was that Jira or Confluence are not directly at risk, but they can be used to trick someone else to copy code from jira/confluence into another system and then when that system is built/executed, then that system may contain bad code that the developer didn't realize they copied.

Like Mayuresh Sakharape likes this
TAGS
AUG Leaders

Atlassian Community Events