Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

Atlassian has launched software package fixes to deal with four critical flaws in its program that, if successfully exploited, could end result in remote code execution.

The listing of vulnerabilities is underneath –

• CVE-2022-1471 (CVSS score: 9.8) – Deserialization vulnerability in SnakeYAML library that can lead to distant code execution in a number of goods
• CVE-2023-22522 (CVSS score: 9.) – Distant code execution vulnerability in Confluence Info Centre and Confluence Server (impacts all variations which includes and soon after 4..)
• CVE-2023-22523 (CVSS rating: 9.8) – Distant code execution vulnerability in Property Discovery for Jira Provider Management Cloud, Server, and Details Center (affects all variations up to but not like 3.2.-cloud / 6.2. facts centre and server)
• CVE-2023-22524 (CVSS rating: 9.6) – Remote code execution vulnerability in Atlassian Companion app for macOS (impacts all versions up to but not such as 2..)

Atlassian explained CVE-2023-22522 as a template injection flaw that makes it possible for an authenticated attacker, which include a single with anonymous accessibility, to inject unsafe person input into a Confluence website page, resulting in code execution.

✔ Approved From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

The Assets Discovery flaw makes it possible for an attacker to complete privileged remote code execution on equipment with the Property Discovery agent set up, whereas CVE-2023-22524 could allow an attacker to obtain code execution by utilizing WebSockets to bypass Atlassian Companion’s blocklist and macOS Gatekeeper protections.

The advisory arrives virtually a month immediately after the Australian software program corporation exposed all versions of its Bamboo Information Heart and Server items are impacted by an actively exploited critical security flaw in Apache ActiveMQ (CVE-2023-46604, CVSS rating: 10.). Fixes have been launched in versions 9.2.7, 9.3.5, and 9.4.1 or later.

With Atlassian items becoming worthwhile attack vectors in new a long time, it really is remarkably proposed that consumers transfer immediately to update influenced installations to a patched variation.

Located this posting exciting? Observe us on Twitter  and LinkedIn to go through additional exceptional material we publish.