
Critical Jira Security Issue (CVE-2019-11581) Poses a Threat

by Cybersprint News Jul 18, 2019

Atlassian has published a security advisory for a Jira vulnerability found last week (CVE-2019-11581) that has affected many organisations worldwide.

The risk posed by this vulnerability is that malicious actors can execute commands remotely (remote code execution, RCE).

Atlassian advises turning off the Contact Administrators Form immediately or upgrading to a fixed version as soon as possible.

While Jira ships by default with this feature OFF, you can check to make sure it is disabled if you are a Jira administrator.


5 steps to secure:

  1. Choose the settings icon > System.
  2. Select General Configuration to open the Administration page.
  3. Click the Edit Settings button.
  4. Scroll down to the Contact Administrators Form and select OFF.
  5. Scroll to the bottom of the page and click the Update button for this setting to take effect.

We recommend that you review the complete advisory: Jira Server - Template injection in various resources - CVE-2019-11581.

Besides this recommendation, the Cybersprint research team did some extra digging and found that many European organisations and companies are now potentially vulnerable to this threat.

Alert on current Digital Risks

By simply using the brand or organisation's name, our unique Digital Risk Protection SaaS platform detects external digital risks at an early stage.

The platform works 24/7 and continuously searches for current online vulnerabilities on many different channels. We implemented many of the same techniques hackers use when we search for online vulnerabilities and open doors. An important difference is that our platform uses Artificial Intelligence (AI), machine learning, Data Visualisation and Big Data to work faster than hackers and to stay ahead of cyber criminals. This way we can automatically map any online footprint and detect cyber threats in good time.

We help secure our customers by notifying them promptly through our Digital Risk Protection Platform of incidents like these and others. One of the many benefits of these proactive alerts is that our customers are able to mitigate digital risks faster and thus become more cyber resilient.

Please contact Cybersprint today and request a Quickscan to discover your online footprint and reduce your online attack surface.

 
