7 matches found
CVE-2024-48942
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...
CVE-2024-48941
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...
CVE-2024-48941
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...
PT-2024-33288 · Atlassian +1 · Confluence +3
Name of the Vulnerable Software and Affected Versions: Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket versions 3.1.4.5 and earlier Description: The issue allows remote attackers to easily brute-force the 2FA PIN via the "plugins/servlet/twofactor/public/pinvalidation" endpoin...
savignano S/Notify 安全漏洞
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 2.0.1 that stems from the presence of a cross-site request forgery vulnerability that allows an attacker to replac...
savignano S/Notify Security Vulnerabilities
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 2.0.1 that originates from a configuration setting that can be modified via a cross-site request forgery CSRF...
savignano S/Notify Security Vulnerabilities
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 4.0.2 that originates from a configuration setting that can be modified via a cross-site request forgery CSRF...