CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
...
KLA91034 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof the user interface, bypass security restrictions, and gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure Machine Learning Notebook can be...
CVE-2026-27826 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers
MCP Atlassian is a Model Context Protocol (MCP) server for the Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...
CVE-2024-48942
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...
CVE-2024-48941
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...
PT-2024-33288 · Atlassian +1 · Confluence +3
Name of the Vulnerable Software and Affected Versions: Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket versions 3.1.4.5 and earlier Description: The issue allows remote attackers to easily brute-force the 2FA PIN via the "plugins/servlet/twofactor/public/pinvalidation" endpoin...
savignano S/Notify Security Vulnerability
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 2.0.1 that stems from the presence of a cross-site request forgery vulnerability that allows an attacker to replac...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products such as Bamboo, Bitbucket, Jira and Confluence. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS). Remote code execution User Rights SQL...
savignano S/Notify Security Vulnerabilities
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 4.0.2 that originates from a configuration setting that can be modified via a cross-site request forgery (CSRF)...
savignano S/Notify Security Vulnerabilities
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 2.0.1 that originates from a configuration setting that can be modified via a cross-site request forgery (CSRF)...