Atlassian has released updates to address three security flaws affecting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems.
The list of the flaws is below –
- CVE-2023-22505 (CVSS score: 8.0) – RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and 8.4.0)
- CVE-2023-22508 (CVSS score: 8.5) – RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 7.19.8 and 8.2.0)
- CVE-2023-22506 (CVSS score: 7.5) – Injection, RCE (Remote Code Execution) in Bamboo (Fixed in versions 9.2.3 and 9.3.1)
CVE-2023-22505 and CVE-2023-22508 allow an "authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction," the company said.
While the first bug was introduced in version 8.0.0, CVE-2023-22508 was introduced in version 7.4.0 of the software.
CVE-2023-22506, introduced in version 8.0.0 of Bamboo Data Center, allows an "authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction," according to Atlassian.
Earlier this January, the Australian company shipped patches to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances (CVE-2023-22501, CVSS score: 9.4).
Weeks later, it also rolled out fixes for two critical overflow flaws in Git (CVE-2022-41903 and CVE-2022-23531) affecting Bitbucket Server and Data Center, Bamboo Server and Data Center, Fisheye, Crucible, and Sourcetree.
With security vulnerabilities in Atlassian servers becoming attack magnets in recent years, it is recommended that users move quickly to apply the patches to safeguard against potential threats.
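The "introduced in" and "fixed in" versions above are easy to misread when a fix is backported to an older branch: for CVE-2023-22508, fixed in 7.19.8 and 8.2.0, a naive "installed >= 7.19.8" test would wrongly clear an 8.0.x or 8.1.x instance. The following Python is an added example (not Atlassian's tooling) that encodes the three advisories and checks an installed version against them. It assumes, as labelled in the code, that the highest listed fix version covers every later release, while each lower fix version is a backport that only covers its own major.minor branch; releases on branches in between remain vulnerable.

```python
"""Version-range check for the three Atlassian advisories listed above.

Added example, not Atlassian's own tooling.

Assumption (not stated in the advisory text): in "Fixed in versions A and B",
the highest version B fixes every later release, while each lower version A
is a backport that only fixes its own major.minor branch. Releases on branches
between A and B (for example 8.0.x and 8.1.x for CVE-2023-22508) stay vulnerable.
"""
from __future__ import annotations

from dataclasses import dataclass


def parse_version(s: str) -> tuple[int, ...]:
    """Turn '8.3.2' into (8, 3, 2); a trailing '-suffix' is ignored."""
    core = s.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str
    introduced: str            # first release containing the flaw
    fixed_in: tuple[str, ...]  # fix versions as listed in the advisory

    def affects(self, installed: str) -> bool:
        """True if the installed version is inside the vulnerable range."""
        v = parse_version(installed)
        if v < parse_version(self.introduced):
            return False  # predates the vulnerable code entirely
        fixes = sorted(parse_version(f) for f in self.fixed_in)
        if v >= fixes[-1]:
            return False  # at or beyond the newest fix release
        for backport in fixes[:-1]:
            # Backport fixes only cover their own major.minor branch.
            if v[:2] == backport[:2] and v >= backport:
                return False
        return True


# Data taken from the advisory summary on this page.
ADVISORIES = (
    Advisory("CVE-2023-22505", "Confluence", "8.0.0", ("8.3.2", "8.4.0")),
    Advisory("CVE-2023-22508", "Confluence", "7.4.0", ("7.19.8", "8.2.0")),
    Advisory("CVE-2023-22506", "Bamboo", "8.0.0", ("9.2.3", "9.3.1")),
)


def open_cves(product: str, installed: str) -> list[str]:
    """CVE ids from ADVISORIES that still apply to this product/version."""
    return [a.cve for a in ADVISORIES
            if a.product == product and a.affects(installed)]


if __name__ == "__main__":
    # Constructed sample inventory: (product, installed version).
    inventory = [("Confluence", "8.1.3"), ("Confluence", "7.19.7"),
                 ("Confluence", "8.3.2"), ("Bamboo", "9.3.0")]
    for product, version in inventory:
        print(f"{product} {version}: {open_cves(product, version) or 'no open CVEs'}")
```

The branch-aware rule is the part worth keeping: an instance on 8.1.x is newer than the 7.19.8 backport yet still carries CVE-2023-22508 until it reaches 8.2.0, and a 9.3.0 Bamboo install is newer than the 9.2.3 backport but still exposed to CVE-2023-22506 until 9.3.1.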