Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo


July 25, 2023 | THN | Server Security / Zero Day


Atlassian has released updates to address three security flaws impacting its Confluence Server, Confluence Data Center, and Bamboo Data Center products which, if successfully exploited, could result in remote code execution on vulnerable systems.

The list of flaws is below –

  • CVE-2023-22505 (CVSS score: 8.0) – RCE (Remote Code Execution) in Confluence Data Center and Server (fixed in versions 8.3.2 and 8.4.0)
  • CVE-2023-22508 (CVSS score: 8.5) – RCE (Remote Code Execution) in Confluence Data Center and Server (fixed in versions 7.19.8 and 8.2.0)
  • CVE-2023-22506 (CVSS score: 7.5) – Injection, RCE (Remote Code Execution) in Bamboo (fixed in versions 9.2.3 and 9.3.1)

CVE-2023-22505 and CVE-2023-22508 allow “authenticated attackers to execute arbitrary code with high confidentiality impact, high integrity impact, high availability impact, and no user interaction,” the company said.

While the first bug, CVE-2023-22505, was introduced in version 8.0.0, CVE-2023-22508 was introduced in version 7.4.0 of the software.



CVE-2023-22506, introduced in version 8.0.0 of the Bamboo Data Center, allows “an authenticated attacker to modify the action taken by a system call and execute arbitrary code that has high confidentiality, high integrity, high availability, and no user interaction,” according to Atlassian.

Earlier this January, the Australian company released a patch to address a critical security flaw in Jira Service Management Server and Data Center that could be abused by attackers to impersonate other users and gain unauthorized access to vulnerable instances (CVE-2023-22501, CVSS score: 9.4).

A few weeks later, the company also released fixes for two critical overflow flaws in Git (CVE-2022-41903 and CVE-2022-23531) affecting Bitbucket Server and Data Center, Bamboo Server and Data Center, Fisheye, Crucible, and Sourcetree.

With security vulnerabilities in Atlassian servers having become an attack magnet in recent years, users are recommended to move quickly to apply the patches to protect against potential threats.
