Confluence Security Advisory 2022-06-02

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Confluence Server and Data Center – CVE-2022-26134 – Critical severity unauthenticated remote code execution vulnerability

Atlassian has published a notification on a critical unauthenticated remote code execution vulnerability affecting all on-premises instances of Confluence (Server and Data Center).

What You Need to Do

There are currently no fixed versions of Confluence Server and Data Center available. In the interim, customers should work with their security team to consider the best course of action. Options to consider include:

  • Restricting access to Confluence Server and Data Center instances from the internet.
  • Disabling Confluence Server and Data Center instances.

If you are unable to take the above actions, implementing a WAF (Web Application Firewall) rule that blocks URLs containing ${ may reduce your risk.
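A sketch of the matching logic such a rule needs, added here as an example and not taken from Atlassian's advisory: it checks the request URL both raw and after percent-decoding, and runs over constructed access-log lines. The log format, the decode bound and the sample requests are assumptions.

```python
import re
from urllib.parse import unquote

MARKER = "${"          # the substring the advisory's WAF rule blocks
MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding layers

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def normalize(target: str) -> str:
    """Percent-decode repeatedly until stable, so %24%7B and %2524%257B read as ${."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def should_block(target: str) -> bool:
    """True when the URL, raw or decoded, contains the ${ marker."""
    return MARKER in target or MARKER in normalize(target)


def scan_access_log(lines):
    """Return (line_number, target) for every request the rule would block."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and should_block(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample lines (documentation IP range, placeholder expressions only).
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Jun/2022:10:00:01 +0000] "GET /pages/viewpage.action?pageId=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Jun/2022:10:00:02 +0000] "GET /${placeholder}/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [03/Jun/2022:10:00:03 +0000] "GET /%24%7Bplaceholder%7D/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [03/Jun/2022:10:00:04 +0000] "GET /%2524%257Bplaceholder%257D/ HTTP/1.1" 404 0',
    '203.0.113.7 - - [03/Jun/2022:10:00:05 +0000] "GET /display/DOC/Price+is+$20 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, target in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: would block {target}")
```

The same function can be run over historical access logs to find requests that arrived before the rule was in place.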

Powerscript for Jira – how to block editing a field or fields for a given role or roles.

Power Scripts™ – Jira script automation
The JIRA PowerScript Scripts Plugin is a very useful plugin if you want to automate tasks while working with Jira projects and save time on repetitive work. Its most important features are the ability to automate repetitive tasks and scripts added to workflows, transitions, and event listeners.

It can be found on the Atlassian Marketplace under this link. Unfortunately, it is not free, but the price is very affordable.

Script code


How does a VPN work? – A question from Telegram.

My answer today to a question from Telegram – maybe someone will find such a summary of information about VPNs useful 😀

The VPN set itself encrypts the data, but what servers do I connect to, etc., it still goes to the ISP?

  • No matter how the VPN is set up, whether it’s your own or purchased, it should encrypt the data. If you set it up yourself, you know how it was configured and you know who has the encryption key; with a purchased VPN, not exactly.
  • As for the ISP – your traffic has to leave the VPN somewhere, so at the point where traffic from the VPN goes out into the world over a “normal” connection, yes – one ISP or another sees whatever leaves it unencrypted, plus DNS queries.
