
What You Need to Know About Atlassian's Security Vulnerability Announcement
Gretchen Pawloski
Director, Product Marketing

In today's day and age, it's nearly impossible to find anyone not concerned by or challenged with addressing cybersecurity issues. Cyberthreats continue to grow in both volume and complexity. Over the past five years, security breaches have increased by 67%, according to Accenture’s global survey, as part of a $1.5 trillion industry (and growing).

As the scope and scale of cyber threats expand, it's important to remain vigilant and to surface any potential vulnerabilities as early as possible to protect against business catastrophe. In that spirit, Atlassian has recently announced critical severity security advisories for a number of its popular products that require swift and immediate attention, including:

  • Bitbucket Server & Bitbucket Data Center
  • Jira Server & Jira Data Center
  • Jira Service Desk & Jira Service Desk Data Center

In particular, the Bitbucket Server & Bitbucket Data Center advisory concerns an argument injection vulnerability that allows an attacker to inject additional arguments into Git commands, which could lead to remote code execution. The Jira Server and Data Center advisory addresses a server-side template injection vulnerability in the Jira Importers Plugin (JIM) that would allow an attacker with "JIRA Administrators" access to remotely execute code on affected systems.

The last advisory, for Jira Service Desk and Service Desk Data Center, highlights that attackers can grant themselves access to Jira Service Desk projects that have the "Anyone can email the service desk or raise a request in the portal" setting enabled, which allows an attacker to view all issues within all Jira projects contained in the vulnerable instance.
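For teams whose own tooling wraps Git, the argument injection class named in the Bitbucket advisory can be illustrated with a weak and a hardened way of building a `git log` command line. This is an added example, not Atlassian's code or the advisory's details; the function names, the allow-list and the sample inputs are assumptions made for illustration.

```python
import re

# Allow-list for user-supplied branch or tag names. This is deliberately
# stricter than Git's own ref rules and is an assumption of this example.
_REF = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,199}")


class UnsafeArgument(ValueError):
    """User input that git could interpret as an option or escape the repo."""


def validate_ref(ref: str) -> str:
    # fullmatch() rejects a leading '-', whitespace, NUL and trailing newlines.
    if not _REF.fullmatch(ref) or ".." in ref or ref.endswith((".lock", "/")):
        raise UnsafeArgument(f"rejected ref {ref!r}")
    return ref


def validate_path(path: str) -> str:
    parts = path.split("/")
    if not path or "\x00" in path or path[0] in "-/" or ".." in parts:
        raise UnsafeArgument(f"rejected path {path!r}")
    return path


def build_log_argv_unsafe(ref: str, path: str) -> list[str]:
    # Weak pattern: both values sit where git still parses options, so a value
    # beginning with '-' becomes an extra argument to the command.
    return ["git", "log", ref, path]


def build_log_argv_safe(ref: str, path: str) -> list[str]:
    # Validate first, then fence the values: --end-of-options (Git 2.24+)
    # stops option parsing before the revision, and "--" marks what follows
    # as paths. The list is meant for subprocess.run(argv) with shell=False.
    return ["git", "log", "--max-count=20", "--end-of-options",
            validate_ref(ref), "--", validate_path(path)]


# Constructed inputs: a normal request and one with an option-shaped value.
GOOD = ("feature/login-fix", "src/app.py")
BAD = ("--example-option=value", "README.md")
```

Validation and the separators are complementary: the allow-list rejects option-shaped input outright, while the separators keep a value that slips through from being parsed as an option.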

You can read all the specifics about each vulnerability and appropriate fixes in the following links:

Maybe it's time for help with security

The recent advisories should serve as a reminder of just how complex and time-consuming protecting a business against bad actors can be.

Even historically secure platforms like Atlassian aren't immune to attempted hacks, which means your team — and whatever resources are available to them — must be on high alert and prepared to track down and mitigate security vulnerabilities in literally every platform or system your organization uses.

While some teams may be prepared to make that commitment, the overwhelming majority of organizations simply can't afford to repurpose existing team members away from product and service delivery to handle security or staff up a full-time team to take on the challenge.

That's where Atlassian Solution Partners like ServiceRocket come in. Atlassian partners can assist with everything from licensing and initial configurations to continuous optimization and security updates to minimize the risk of a data breach. Some even have their own apps that integrate with Atlassian products to enhance the user experience.

Atlassian Solution Partners can help solidify plans and execute strategies around identity and permissions management, as well as install security patches and proactively monitor the environment for potential vulnerabilities.

One of the biggest advantages to entrusting your Atlassian security initiatives to a verified partner is the in-depth expertise and robust industry experience Partners offer. As a result, they're able to implement security best practices in the background without impacting productivity or the user experience, all for a fraction of what it would cost if you tried to do it all internally.

Partnering with an Atlassian MSP can save you both time and money while ensuring security standards are in place and met. They can help mitigate risks and the financial implications of a security breach while helping teams better balance resources, including time and talent. Most of all, because of their extensive training and working knowledge of the software, Atlassian MSPs offer peace of mind and predictable expenses to their customers.


Learn more about how ServiceRocket's global team of Atlassian experts can improve the safety, security, and performance.
