Atlassian issues patch for critical flaw in Confluence and Bamboo


by Vikash Kumawat

Atlassian has released updates to address three security vulnerabilities affecting its Confluence Data Center and Server and Bamboo Data Center products that, if successfully exploited, could allow remote code execution on vulnerable systems.

The three flaws are:

  • CVE-2023-22505 (CVSS score: 8.0) – Remote code execution (RCE) in Confluence Data Center and Server (fixed in versions 8.3.2 and 8.4.0)
  • CVE-2023-22508 (CVSS score: 8.5) – Remote code execution (RCE) in Confluence Data Center and Server (fixed in versions 7.19.8 and 8.2.0)
  • CVE-2023-22506 (CVSS score: 7.5) – Injection leading to remote code execution (RCE) in Bamboo Data Center (fixed in versions 9.2.3 and 9.3.1)

According to the company, CVE-2023-22505 and CVE-2023-22508 allow an authenticated attacker to execute arbitrary code, with high impact on confidentiality, integrity and availability and no user interaction required.

CVE-2023-22505 was introduced in Confluence version 8.0.0, while CVE-2023-22508 dates back to version 7.4.0.

According to Atlassian, CVE-2023-22506, introduced in version 8.0.0 of Bamboo Data Center, allows an “authenticated attacker to modify functions performed by system calls and execute arbitrary code, which has a high impact on privacy, high impact on integrity, high impact on availability and no user interaction.”
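As an added example (not Atlassian's own tooling), the following Python script encodes the introduced and fixed versions listed above and reports which of the three CVEs a given installed version is still exposed to. It assumes a version is fixed only once it is at or above a listed fixed release on its own major.minor line, or at or above the newest listed fix; any other branch (Confluence 7.20.x, for instance) is treated as affected, since the advisory lists no fix for it. The sample version strings are constructed.

```python
"""Check an installed Confluence or Bamboo version against the fixed-version
ranges in this advisory. Added example; not Atlassian's tooling."""
from dataclasses import dataclass
from typing import List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    # "8.3.2" -> (8, 3, 2); pad to three components so "8.4" == "8.4.0"
    parts = [int(p) for p in s.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str
    introduced: Version
    fixed: Tuple[Version, ...]  # one fixed release per maintained branch

    def affects(self, v: Version) -> bool:
        if v < self.introduced:
            return False
        # Assumption: a version is fixed if it is at or above a fixed release
        # on its own major.minor line, or at or above the newest fixed release.
        # A branch with no fix listed (e.g. Confluence 7.20.x for
        # CVE-2023-22508) is treated as still affected.
        if v >= max(self.fixed):
            return False
        for f in self.fixed:
            if v[:2] == f[:2] and v >= f:
                return False
        return True


# Introduced/fixed versions as stated in the advisory summarized above.
ADVISORIES = [
    Advisory("CVE-2023-22505", "confluence", parse_version("8.0.0"),
             (parse_version("8.3.2"), parse_version("8.4.0"))),
    Advisory("CVE-2023-22508", "confluence", parse_version("7.4.0"),
             (parse_version("7.19.8"), parse_version("8.2.0"))),
    Advisory("CVE-2023-22506", "bamboo", parse_version("8.0.0"),
             (parse_version("9.2.3"), parse_version("9.3.1"))),
]


def exposed_cves(product: str, version: str) -> List[str]:
    """Return the CVE ids from ADVISORIES that still affect product/version."""
    v = parse_version(version)
    return [a.cve for a in ADVISORIES if a.product == product and a.affects(v)]


if __name__ == "__main__":
    # Constructed sample inputs.
    for prod, ver in [("confluence", "8.3.1"), ("confluence", "7.19.8"),
                      ("confluence", "7.20.3"), ("bamboo", "9.2.2")]:
        print(prod, ver, exposed_cves(prod, ver) or "not affected by the listed CVEs")
```

Run it with the installed version string reported by the instance's administration page; a non-empty list means the upgrade to one of the fixed releases is still outstanding.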

Earlier this January, the Australian company shipped patches for a critical security flaw in Jira Service Management Server and Data Center that could allow an attacker to impersonate another user and gain unauthorized access to vulnerable instances (CVE-2023-22501, CVSS score: 9.4).

Weeks later, it also fixed two critical integer overflow flaws in Git (CVE-2022-41903 and CVE-2022-23521) affecting Bitbucket Server and Data Center, Bamboo Server and Data Center, Fisheye, Crucible and SourceTree.

Vulnerabilities in self-hosted Atlassian products have been a recurring target for attackers in recent years, so administrators are advised to apply the fixed versions promptly.
