Atlassian Resolves Three Critical Vulnerabilities in Confluence and Bamboo Products
July 25, 2023
Atlassian has recently fixed three critical- and high-severity vulnerabilities affecting its Confluence Server, Data Center, and Bamboo Data Center products. If exploited, these vulnerabilities could have resulted in remote code execution on vulnerable systems. The vulnerabilities were discovered and reported to Atlassian through its bug bounty and pen-testing processes, as well as through third-party library scans.
The most serious of the vulnerabilities, identified as CVE-2023-22508 (CVSS score: 8.5), is a remote code execution flaw that affects Confluence Data Center and Server. This flaw was first introduced in version 7.4.0 of Confluence Data Center & Server.
The second vulnerability that the company has addressed is a high-severity injection and remote code execution (RCE) vulnerability, identified as CVE-2023-22506 (CVSS score: 7.5). This flaw was first introduced in version 8.0.0 of Bamboo Data Center. An authenticated attacker could have exploited this issue to modify the actions taken by a system call and execute arbitrary code without any user interaction.
Some weeks later, Atlassian also released fixes for two critical overflow flaws in Git, CVE-2022-41903 and CVE-2022-23531. These flaws affected Bitbucket Server and Data Center, Bamboo Server and Data Center, Fisheye, Crucible, and Sourcetree.