Atlassian and the Internet Systems Consortium (ISC) have disclosed multiple security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution.
The Australian software services company said that the four high-severity flaws have been fixed in new versions shipped last month. This includes –
- CVE-2022-25647 (CVSS score: 7.5) – A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server
- CVE-2023-22512 (CVSS score: 7.5) – A DoS flaw in Confluence Data Center and Server
- CVE-2023-22513 (CVSS score: 8.5) – An RCE flaw in Bitbucket Data Center and Server
- CVE-2023-28709 (CVSS score: 7.5) – A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server
The flaws have been addressed in the following versions –
- Jira Service Management Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11., or later)
- Confluence Server and Data Center (versions 7.19.13, 7.19.14, 8.5.1, 8.6., or later)
- Bitbucket Server and Data Center (versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14., or later)
- Bamboo Server and Data Center (versions 9.2.4, 9.3.1, or later)
Two High-Severity Flaws in BIND Fixed
In a related development, ISC has released fixes for two high-severity bugs affecting the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could pave the way for a DoS condition –
- CVE-2023-3341 (CVSS score: 7.5) – A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (fixed in versions 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
- CVE-2023-4236 (CVSS score: 7.5) – The named service may terminate unexpectedly under high DNS-over-TLS query load (fixed in versions 9.18.19 and 9.18.19-S1)
The latest patches arrive three months after ISC rolled out fixes for three other flaws in the software (CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, CVSS scores: 7.5) that could result in a DoS condition.
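For patch triage, the BIND fixed-version list above can be turned into a branch-aware check. The following is an added example, not code from ISC or from the original article; the function names and the sample version strings are constructed for illustration, and the only version data used is what the list above states.

```python
import re

# First fixed patch level per release branch, taken from the list above.
# A branch absent from a CVE's entry means the article lists no fixed release
# for it; it does not mean the branch is unaffected.
FIXED = {
    "CVE-2023-3341": {(9, 16): 44, (9, 18): 19, (9, 19): 17},
    "CVE-2023-4236": {(9, 18): 19},
}

# Matches "9.18.12" or "9.16.44-S1" anywhere in a version banner.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-S\d+)?")


def parse_version(text):
    """Return (major, minor, patch) from a banner such as `named -v` output."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no BIND version found in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def patch_status(text):
    """Map each CVE to 'fixed', 'needs update' or 'branch not listed'."""
    major, minor, patch = parse_version(text)
    status = {}
    for cve, branches in FIXED.items():
        fixed_at = branches.get((major, minor))
        if fixed_at is None:
            status[cve] = "branch not listed"
        elif patch >= fixed_at:
            # The -S1 builds are fixed at the same patch level as the
            # matching branch, so the suffix does not change the comparison.
            status[cve] = "fixed"
        else:
            status[cve] = "needs update"
    return status


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ("BIND 9.18.12 (Extended Support Version) <id:constructed>",
                   "BIND 9.16.44-S1", "BIND 9.19.17", "BIND 9.11.36"):
        print(banner, "->", patch_status(banner))
```

Distribution packages often backport fixes without changing the upstream version number, so a "needs update" result on a vendor build should be confirmed against that vendor's advisory.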