Ollama open source AI vulnerability | Atlassian Product Bugs
CyberInsights #145 - Ollama Vulnerability | Confluence, Jira & Crucible vulnerabilities
Ollama API had a vulnerability
It’s not all prompt injections. The traditional attack vectors need some love too…
If you have anything to do with LLM based AI, you have heard of Llama3 - Meta’s latest model that can do quite a few good things.
A vulnerability was detected in the Llama API, which has since been fixed.
The API endpoint /api/pull had a vulnerability which could allow directory traversal and remote code execution.
Take Action:
AI security testing is more than just prompt engineering. While it is fun to do prompt engineering, we must not forget the basics. Think of AI security in 4 layers. The first three are standard cybersecurity layers.
Atlassian fixes 9 high risk vulnerabilities
A bug bounty program helps identify the vulnerabilities
The most commonly used knowledge management and ticketing platform — Confluence & Jira has released a security update fixing 9 high risk bugs. These bugs are in the Confluence Data Center product.
There are two reasons why this is more than a routine patching news.
First, Jira and Confluence are very widely used. There would hardly be a tech professional who hasn’t raised a Jira ticket!
Second, the bugs were found because of a bug bounty program run by Atlassian.
Bug Bounty programs are evolving in terms of size and complexity. Third party platforms help organizations run bug bounty programs in an efficient manner.
When to use a bug bounty program?
Bug bounty programs are useful if you have a large public usage of your products. For B2B systems behind firewalls and WAFs, a focused red teaming effort would be sufficient.
Take Action:
If you are using Atlassian products, check if you need to apply the patches. There are no known exploits in the wild, as per the company. However, patch it at the earliest downtime possible.
Evaluate if your organization should implement a bug bounty program. Bug bounties are notoriously hard to manage, so ensure that you have sufficient people allocated to managing the program. Implement the right guardrails.