Atlassian and the Internet Techniques Consortium (ISC) have disclosed many security flaws impacting their merchandise that could be exploited to accomplish denial-of-service (DoS) and distant code execution.
The Australian software services company claimed that the four large-severity flaws have been fastened in new variations shipped previous month. This incorporates –
- CVE-2022-25647 (CVSS rating: 7.5) – A deserialization flaw in the Google Gson package deal impacting Patch Management in Jira Provider Administration Knowledge Middle and Server
- CVE-2023-22512 (CVSS score: 7.5) – A DoS flaw in Confluence Knowledge Middle and Server
- CVE-2023-22513 (CVSS rating: 8.5) – A RCE flaw in Bitbucket Details Heart and Server
- CVE-2023-28709 (CVSS rating: 7.5) – A DoS flaw in Apache Tomcat server impacting Bamboo Information Centre and Server
The flaws have been addressed in the next versions –
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
- Jira Assistance Administration Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11., or later on)
- Confluence Server and Knowledge Heart (versions 7.19.13, 7.19.14, 8.5.1, 8.6., or afterwards)
- Bitbucket Server and Information Centre (variations 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14., or later on)
- Bamboo Server and Information Heart (versions 9.2.4, 9.3.1, or later on)
Two Significant-Severity Flaws in BIND Fastened
In a linked progress, ISC has unveiled fixes for two high-severity bugs affecting the Berkeley Internet Identify Domain (BIND) 9 Area Identify Method (DNS) application suite that could pave the way for a DoS condition –
- CVE-2023-3341 (CVSS rating: 7.5) – A stack exhaustion flaw in regulate channel code might bring about named to terminate unexpectedly (preset in versions 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
- CVE-2023-4236 (CVSS rating: 7.5) – The named service may perhaps terminate unexpectedly beneath high DNS-in excess of-TLS question load (fixed in versions 9.18.19 and 9.18.19-S1)
The hottest patches arrive three months after ISC rolled out fixes for 3 other flaws in the application (CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, CVSS scores: 7.5) that could end result in a DoS ailment.
Found this report appealing? Adhere to us on Twitter and LinkedIn to read through far more exclusive material we article.
Some sections of this posting are sourced from:
thehackernews.com