This week, Atlassian released fixes for four high-severity flaws that had the potential to cause a DoS and remote code execution and affected several of its products.
The issues in its primary products, Jira, Confluence, Bitbucket, and Bamboo, have been fixed. Atlassian found these vulnerabilities using its Bug Bounty program, pen-testing processes, and third-party library scans.
Deploy Advanced AI-Powered Email Security Solution
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Four High-Severity Flaws Addressed
- CVE-2022-25647 (CVSS score: 7.5) – Patch Management Flaw
This patch management bug in Jira could allow an attacker to expose assets for further exploitation. It may lead to DoS attacks.
Affected Versions
Introduced in Jira version 4.20.0
Fix Released
Upgrade to a minimum fix version of 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0 or latest
- CVE-2023-22512 (CVSS score: 7.5) – DoS (Denial of Service) Flaw
A DoS flaw in Confluence Data Center and Server. According to Atlassian, an unauthenticated attacker might exploit this vulnerability to block access to resources by temporarily or indefinitely disrupting the services of a vulnerable host connected to a network.
Affected Versions
Version 5.6 and impacts release up to 8.6.0.
Fix Released
Upgrade to a minimum fix version of 7.19.13, 7.19.14, 8.5.1, 8.6.0 or latest
- CVE-2023-22513 (CVSS score: 8.5) – RCE (Remote Code Execution) Flaw
An RCE flaw in the Bitbucket Data Center and Server.
“This RCE (Remote Code Execution) vulnerability, allows an authenticated attacker to execute arbitrary code which has a high impact on confidentiality, high impact on integrity, high impact on availability, and requires no user interaction”, Atlassian said.
Affected Versions
Version 8.0.0 and impacts most releases until version 8.14.0.
Fix Released
Upgrade to a minimum fix version of 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0 or latest
- CVE-2023-28709 (CVSS score: 7.5) – DoS Flaw
A DoS flaw in the Apache Tomcat server impacted the Bamboo Data Center and Server. It is described as a third-party dependency problem that can be exploited by an attacker to “expose assets in your environment susceptible to exploitation.”
Affected Versions
Version 8.1.12, the bug was addressed in Bamboo versions 9.2.4 and 9.3.1.
Fix Released
Upgrade to a minimum fix version of 9.2.4, 9.3.1, or the latest.
Atlassian recommends upgrading to the latest fixed versions released.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
