Atlassian | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Auditing Atlassian Plugins, 53 0-Days Later	XSS	Atlassian	Cyllective (@Cyllective)
Atlassian Confluence - Remote Code Execution (CVE-2023-22527)	RCE OGNL Injection Security Code Review	Atlassian	Rahul Maini (@Iamnoooob) Harsh Jaiswal (@Rootxharsh)
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS	RCE MacOS Websockets Thick Client Security Code Review	Atlassian	Ron Masas (@RonMasas)
OAuth 2.0 Redirect URI Validation Falls Short, Literally	OAuth Path Confusion Open Redirect HTTP Parameter Pollution Account Takeover	Atlassian Meta / Facebook GitHub Microsoft Yahoo! / Verizon Media LinkedIn Slack VK LINE AuthDigital (Naver) OK ORCID	Tommaso Innocenti (@Innotommy) Matteo Golinelli Kaan Onarlioglu Ali Mirheidari Bruno Crispo Engin Kirda
Phishing the anti-phishers: Exploiting anti-phishing tools for internal access	Phishing	Atlassian Netflix Amazon	Rojan Rijal (@Uraniumhacker) Tanner Emek (@Itscachemoney)
macOS Atlassian Companion Remote Code Execution	RCE MacOS Thick Client	Atlassian	Wojciech Reguła (@_R3ggi)
Bypassing OGNL sandboxes for fun and charities	OGNL Injection	Atlassian Apache Struts	Alvaro Muñoz (@Pwntester)
CVE-2022–43781	OS Command Injection RCE	Atlassian	Petrus Viet (@VietPetrus)
Atlassian Jira Align, Version 10.107.4 Advisory	SSRF Broken Access Control Privilege Escalation	Atlassian	Jacob Shafer (@Fibbot)
Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)	RCE OS Command Injection	Atlassian	Maxwell Garrett (@TheGrandPew)
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)	SSRF	Atlassian	Shubham Shah (@Infosec_au) Dylan Pindur
Hacking Swagger-UI - from XSS to account takeovers	DOM XSS Account Takeover	Shopify Paypal GitLab Atlassian Yahoo! / Verizon Media Microsoft Jamf	Dawid Moczadło (@Kannthu1)
CVE-2022-26133 - Bitbucket Data Center - Java Deserialization Vulnerability	Insecure Deserialization	Atlassian	Benny Jacob (@Bennyyjacob)
How I Found My First XSS Bug	XSS	Atlassian	Thedarkwayg (@Shadow_CLAY)
How I accidentally hacked many companies using N/A vulnerability in Atlassian Cloud	Information Disclosure Broken Authentication	Atlassian	Valeriy Shevchenko (@Krevetk0Valeriy)
Write Up – XSS Stored In api.media.atlassian.com Via Doc File (iOS)	Stored XSS	Atlassian	Omar Espino (@Omespino)
CVE-2021-26084	RCE	Atlassian	Snowyyowl (@Bennyyjacob)
"A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild	Prototype Pollution XSS	Apple Atlassian Mozilla HubSpot Segment Analytics	Sergey Bobrov (@Black2fan) S1r1us (@S1r1u5_) Terjanq (@Terjanq) Beomjin Lee (@Po6ix) Masato Kinugawa (@Kinugawamasato) Nikita Stupin (@_Nikitastupin) Rahul Maini (@Iamnoooob) Harsh Jaiswal (@Rootxharsh) Mikhail Egorov (@0ang3el) Melar Dev (@Melardev)
A supply-chain breach: Taking over an Atlassian account	XSS CSRF	Atlassian	Dikla Barda, Yaara Shriki Roman Zaikin (@R0m4nZ41k1n) Oded Vanunu (@Od3dV)
Leaking issues from linked Jira – Atlassian Confluence Server	XS-Search	Atlassian	Yeuchimse (@Yeuchimse)
CSRF Protection Bypass in Atlassian Confluence Server	CSRF	Atlassian	Yeuchimse (@Yeuchimse)
id.atlassian.com Username enumeration	Username Enumeration	Atlassian	Denis Andzakovic
Exploiting Jira for Host Discovery	CSRF	Atlassian	Alex Peña
How I Made $600 in Bug Bounty in 15 Minutes with Contrast CE – CVE- 2019-8442	Information Disclosure	Atlassian	David Lindner (@Golfhackerdave)
Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure	Path Traversal	Atlassian	Sam Curry (@Samwcyo)

Page 1 of 2