CompleteFTP path traversal flaw allowed attackers to delete server files


The US Cybersecurity and Infrastructure Security Agency (CISA) has advised government organisations to patch a recently disclosed Confluence vulnerability that has been utilised in attacks.

The significant vulnerability, identified as CVE-2022-26138, is connected to the account “disabledsystemuser” in the Questions for Confluence app, which is designed to help administrators move data from the app to Confluence Cloud. Read More…