Patch your Confluence if it’s not done yet

https://www.rapid7.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

The vulnerability has been assigned the maximum CVSS score (10/10) and allows an external attacker to create a Confluence administrator account from the Internet.

Whiteboard from Atlassian

Atlassian will release their own whiteboard. It will be part of Confluence, so you will not have to use Miro or Mural (or similar online services). You will not need apps like Microsoft Whiteboard or Apple Freeform. Confluence will be everything you need.

Want to know more? Or maybe even join the beta tests? Check https://www.atlassian.com/software/confluence/whiteboards

New, lower prices of Atlassian trainings

Now you can learn at Atlassian University for less. They changed the price of their basic trainings, and now they are free or starting from $39.
The whole catalog of free and cheap courses is here: https://university.atlassian.com/student/catalog/list?category_ids=21723-on-demand

If you do not have any experience with Jira or Jira Service Management I recommend starting with free courses:

If you are going to work with Confluence:

Those are basics, but it’s really hard to work with Jira/Confluence without them.

Confluence Security Advisory 2022-06-02

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Confluence Server and Data Center – CVE-2022-26134 – Critical severity unauthenticated remote code execution vulnerability

Atlassian has published a notification about a critical unauthenticated remote code execution vulnerability affecting all on-premises instances of Confluence (Server and Data Center).

What You Need to Do

There are currently no fixed versions of Confluence Server and Data Center available. In the interim, customers should work with their security team to consider the best course of action. Options to consider include:

  • Restricting access to Confluence Server and Data Center instances from the internet.
  • Disabling Confluence Server and Data Center instances.

If you are unable to take the above actions, implementing a WAF (Web Application Firewall) rule which blocks URLs containing ${ may reduce your risk.

Powerscript for Jira – how to block editing a field or fields for a given role or roles.

Power Scripts™ – Jira script automation
The JIRA PowerScript Scripts Plugin is very useful if you want to automate repetitive tasks in Jira projects and save time. Its most important features are the ability to automate repetitive tasks, scripts attached to workflows and transitions, and event listeners.

It can be found on the Atlassian Marketplace under this link. Unfortunately, it is not free, but the price is very affordable.

Script code

Read more Powerscript for Jira – how to block editing a field or fields for a given role or roles.

Jira and Docker – on the fly

If you need to quickly get Jira running on an external database (PostgreSQL/MySQL) and you don’t want to mess with disk cleanup later, use Docker.

To access the jira_home directory, mount a specific directory from the disk instead of using a volume.

How to do it? Very simple – here are the commands.

Read more Jira and Docker – on the fly