Atlassian has launched software package fixes to deal with four critical flaws in its program that, if successfully exploited, could end result in remote code execution.
The listing of vulnerabilities is underneath –
- CVE-2022-1471 (CVSS score: 9.8) – Deserialization vulnerability in SnakeYAML library that can lead to distant code execution in a number of goods
- CVE-2023-22522 (CVSS score: 9.) – Distant code execution vulnerability in Confluence Info Centre and Confluence Server (impacts all variations which includes and soon after 4..)
- CVE-2023-22523 (CVSS rating: 9.8) – Distant code execution vulnerability in Property Discovery for Jira Provider Management Cloud, Server, and Details Center (affects all variations up to but not like 3.2.-cloud / 6.2. facts centre and server)
- CVE-2023-22524 (CVSS rating: 9.6) – Remote code execution vulnerability in Atlassian Companion app for macOS (impacts all versions up to but not such as 2..)
Atlassian explained CVE-2023-22522 as a template injection flaw that makes it possible for an authenticated attacker, which include a single with anonymous accessibility, to inject unsafe person input into a Confluence website page, resulting in code execution.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The Assets Discovery flaw makes it possible for an attacker to complete privileged remote code execution on equipment with the Property Discovery agent set up, whereas CVE-2023-22524 could allow an attacker to obtain code execution by utilizing WebSockets to bypass Atlassian Companion’s blocklist and macOS Gatekeeper protections.
The advisory arrives virtually a month immediately after the Australian software program corporation exposed all versions of its Bamboo Information Heart and Server items are impacted by an actively exploited critical security flaw in Apache ActiveMQ (CVE-2023-46604, CVSS rating: 10.). Fixes have been launched in versions 9.2.7, 9.3.5, and 9.4.1 or later.
With Atlassian items becoming worthwhile attack vectors in new a long time, it really is remarkably proposed that consumers transfer immediately to update influenced installations to a patched variation.
Located this posting exciting? Observe us on Twitter and LinkedIn to go through additional exceptional material we publish.
Some areas of this write-up are sourced from:
thehackernews.com