Atlassian RCE Vulnerabilities

Overview

This is the final chapter in our look at representative Atlassian vulnerability cases. This time we look at RCE (Remote Code Execution) points, which have a comparatively large impact. Because the original source code of most open-source frameworks can be inspected, many of the vulnerabilities found in them are cases where static analysis uncovered a point that allows direct compromise of the system.

Server Template Injection (CVE-2019-11581)

For this attack point, the JIRA server must first have SMTP configured, and "bulk email send" or "Contact Admin" must be enabled. 4.4.0 < 7.6.14, 7.7.0 < 7.13.5 8.0.0 < 8.0.3 8.1.0..

WEB