Atlassian has produced application fixes to tackle 4 critical flaws in its software package that, if efficiently exploited, could consequence in distant code execution.
The list of vulnerabilities is beneath –
- CVE-2022-1471 (CVSS rating: 9.8) – Deserialization vulnerability in SnakeYAML library that can guide to distant code execution in many goods
- CVE-2023-22522 (CVSS rating: 9.) – Remote code execution vulnerability in Confluence Information Center and Confluence Server (impacts all versions including and just after 4..)
- CVE-2023-22523 (CVSS rating: 9.8) – Remote code execution vulnerability in Belongings Discovery for Jira Assistance Management Cloud, Server, and Facts Heart (has an effect on all variations up to but not like 3.2.-cloud / 6.2. info centre and server)
- CVE-2023-22524 (CVSS score: 9.6) – Remote code execution vulnerability in Atlassian Companion application for macOS (influences all versions up to but not which includes 2..)
Atlassian described CVE-2023-22522 as a template injection flaw that makes it possible for an authenticated attacker, including 1 with anonymous access, to inject unsafe consumer enter into a Confluence webpage, resulting in code execution.
The Assets Discovery flaw enables an attacker to perform privileged remote code execution on machines with the Belongings Discovery agent put in, while CVE-2023-22524 could permit an attacker to obtain code execution by employing WebSockets to bypass Atlassian Companion’s blocklist and macOS Gatekeeper protections.
The advisory comes nearly a month just after the Australian computer software enterprise exposed all variations of its Bamboo Info Heart and Server solutions are impacted by an actively exploited critical security flaw in Apache ActiveMQ (CVE-2023-46604, CVSS score: 10.). Fixes have been released in versions 9.2.7, 9.3.5, and 9.4.1 or later on.
With Atlassian merchandise turning out to be worthwhile attack vectors in current a long time, it’s remarkably suggested that end users transfer swiftly to update afflicted installations to a patched variation.
Identified this report exciting? Abide by us on Twitter and LinkedIn to examine more unique written content we submit.
Some parts of this article are sourced from:
thehackernews.com