Atlassian released a security advisory nearly 8 months ago and released patches for a very critical vulnerability contained nearly all web based products.
Description of vulnerability was not sufficent for potential black hats but given patches leaked all the details they need. Any average level attacker would understand components of the issue when patches downloaded and compared with previous releases. But some advanced capabilities required to figure out how and where to attack.
more here.........http://sceptive.com/p/unpatched-atlassian-products-still-reign-over-a-critical-security-flaw
Description of vulnerability was not sufficent for potential black hats but given patches leaked all the details they need. Any average level attacker would understand components of the issue when patches downloaded and compared with previous releases. But some advanced capabilities required to figure out how and where to attack.
more here.........http://sceptive.com/p/unpatched-atlassian-products-still-reign-over-a-critical-security-flaw