Atlassian Patches Servlet Filter Vulnerabilities Impacting Multiple Products


This week, Atlassian released patches for two serious Servlet Filter flaws that affect a number of their products.

The first vulnerability, identified as CVE-2022-26136 and referred to as a Servlet Filter bypass, might enable a remote, unauthenticated attacker to submit specially crafted HTTP requests and authenticate to third-party apps or to conduct an XSS attack to run JavaScript code in a user’s browser. Read More…