Atlassian Resolves Three Critical Vulnerabilities in Confluence and Bamboo Products

July 25, 2023

Atlassian has recently fixed three critical and high severity vulnerabilities affecting its Confluence Server, Confluence Data Center, and Bamboo Data Center products. If exploited, these vulnerabilities could have resulted in remote code execution on vulnerable systems. The vulnerabilities were discovered and reported to Atlassian through its bug bounty and penetration-testing processes, as well as through third-party library scans.

The most serious of the vulnerabilities, tracked as CVE-2023-22508 (CVSS score: 8.5), is a remote code execution (RCE) vulnerability affecting Confluence Data Center and Server. The flaw was first introduced in version 7.4.0 of Confluence Data Center and Server.

The second vulnerability the company has addressed is a high severity injection and remote code execution (RCE) vulnerability, tracked as CVE-2023-22506 (CVSS score: 7.5). The flaw was first introduced in version 8.0.0 of Bamboo Data Center. An authenticated attacker could have exploited this issue to modify the actions taken by a system call and execute arbitrary code without any user interaction.

Some weeks later, Atlassian also released fixes for two critical overflow flaws in Git, CVE-2022-41903 and CVE-2022-23531. These flaws affected Bitbucket Server and Data Center, Bamboo Server and Data Center, Fisheye, Crucible, and Sourcetree.
