Atlassian Security Alerts
About ReleaseTEAM: DevOps Experts
CVE-2016-10750 – Hazelcast vulnerable to remote code execution
Issue Summary Multiple Atlassian products use the third-party software Hazelcast, which is vulnerable to Java deserialization attacks (CVE-2016-10750). Hazelcast is used by these products when they’re configured to run as a cluster. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted JoinRequest, resulting in arbitrary code execution.
Bitbucket Data Center
Confluence Data Center