Inline Components
In rich text fields (such as those in blog posts), we can't add designed sections, but we can add code. So we create whatever we want to add to blog posts here, then copy the code and paste it into a code section in the rich text.
What will an attacker find?
High-Risk Vulnerabilities
In The Headlines
Confluence CVE-2023-22515
Allows an unauthenticated attacker to create administrator accounts in Confluence.
Confluence CVE-2022-26138
Allows an unauthenticated attacker to log in to Confluence using hardcoded credentials from a popular app.
Confluence CVE-2022-26134
Allows an unauthenticated attacker to remotely compromise unpatched Confluence servers by creating new administrator accounts and executing arbitrary code.
Bitbucket CVE-2022-26136
Allows a remote, unauthenticated attacker to bypass Servlet Filters, leading to authentication bypass and cross-site scripting (XSS).
Bitbucket CVE-2023-22513
Allows an authenticated attacker to execute arbitrary code, with high impact on the confidentiality of Bitbucket data.
Bitbucket CVE-2023-25194
A third-party dependency vulnerability allows authenticated attackers to compromise confidentiality in Bitbucket instances.
Jira CVE-2019-13990
Allows authenticated attackers to initiate an XML External Entity injection attack on Jira.
Jira CVE-2023-22501
Allows an attacker to impersonate another user and gain access to a Jira instance.
Jira CVE-2019-11581
Allows unauthenticated attackers to remotely execute code on Jira instances.
How: Stolen credentials, then privilege escalation from the support system.
Result: $2 billion in damages
How: An employee with Jira access made a mistake that led to leaked credentials.
Result: HIPAA violation
How: A misconfiguration led to sensitive documents being leaked to the public.
Result: Leaked plain-text credentials