Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution.
The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes –
- CVE-2022-25647 (CVSS score: 7.5) – A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server
- CVE-2023-22512 (CVSS score: 7.5) – A DoS flaw in Confluence Data Center and Server
- CVE-2023-22513 (CVSS score: 8.5) – An RCE flaw in Bitbucket Data Center and Server
- CVE-2023-28709 (CVSS score: 7.5) – A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server
The flaws have been addressed in the following versions –
- Jira Service Management Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11., or later)
- Confluence Server and Data Center (versions 7.19.13, 7.19.14, 8.5.1, 8.6., or later)
- Bitbucket Server and Data Center (versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14., or later)
- Bamboo Server and Data Center (versions 9.2.4, 9.3.1, or later)
Two High-Severity Flaws in BIND Fixed
In a related development, ISC has released fixes for two high-severity bugs affecting the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could pave the way for a DoS condition –
- CVE-2023-3341 (CVSS score: 7.5) – A stack exhaustion flaw in control channel code could cause named to terminate unexpectedly (fixed in versions 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
- CVE-2023-4236 (CVSS score: 7.5) – The named service may terminate unexpectedly under high DNS-over-TLS query load (fixed in versions 9.18.19 and 9.18.19-S1)
The latest patches arrive three months after ISC rolled out fixes for three other flaws in the software (CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, CVSS scores: 7.5) that could result in a DoS condition.
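A patch-level check built from the BIND 9 fixed versions listed above, added here as an example (it is not ISC's or the article's code). It assumes that a build on the same release branch with a lower patch number lacks the fix, and it reports "unknown" for branches the list does not mention; the function names and sample version strings are constructed for illustration.

```python
import re

# Fixed patch level per BIND 9 release branch, copied from the list above.
# The -S1 (subscription) builds carry the same numbers as the open-source ones.
FIXED = {
    "CVE-2023-3341": {"9.16": 44, "9.18": 19, "9.19": 17},
    "CVE-2023-4236": {"9.18": 19},
}

# Matches the upstream version inside strings such as `named -v` output.
VERSION_RE = re.compile(r"(?<![\d.])(9\.\d+)\.(\d+)(-S\d+)?")


def parse_version(text):
    """Return (branch, patch), e.g. ('9.18', 16) for 'BIND 9.18.16-S1'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no BIND 9 version found in {text!r}")
    return match.group(1), int(match.group(2))


def patch_status(version_text):
    """Map each CVE to 'fixed', 'needs update' or 'unknown' for this build."""
    branch, patch = parse_version(version_text)
    status = {}
    for cve, fixes in FIXED.items():
        if branch not in fixes:
            # The list above names no fixed version for this branch.
            status[cve] = "unknown"
        elif patch >= fixes[branch]:
            status[cve] = "fixed"
        else:
            status[cve] = "needs update"
    return status


if __name__ == "__main__":
    # Constructed sample inputs, not captured from real hosts.
    for sample in ("BIND 9.18.16 (Extended Support Version)",
                   "9.18.19-S1", "9.16.44", "9.19.16"):
        print(sample, "->", patch_status(sample))
```

Distribution packages often backport fixes without changing the upstream version number, so confirm packaged builds against the vendor's own advisory.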
Some parts of this article are sourced from:
thehackernews.com