(1 votes, average: 5.00 out of 5)
The Australian software firm Atlassian rolled out fixes to tackle four high-severity product vulnerabilities that could lead to DoS attacks and remote code execution. Atlassian uncovered these flaws utilizing pen-testing processes, the Bug Bounty program, and third-party library scans.
Here’s a detailed breakdown of these four vulnerabilities:
This particular vulnerability, with a CVSS score of 7.5, was identified as a deserialization flaw within the Google GSON package. It significantly impacted Patch Management within the Jira Service Management Data Centre and Server. (Affected Versions: Jira 4.20.0)
This vulnerability, with a CVSS score of 7.5, was identified as a DoS flaw in the Confluence Data Centre and Server. (Affected Versions: Confluence 5.6 and impacts release up to 8.6.0)
A critical Remote Code Execution (RCE) vulnerability was discovered in Bitbucket Data Centre and Server, with a CVSS score of 8.5. (Affected Versions: Bitbucket 8.0.0 and impacts most releases until version 8.14.0)
This vulnerability pertained to a DoS flaw in the Apache Tomcat server, explicitly affecting the Bamboo Data Centre and Server. It received a CVSS score of 7.5. (Affected Versions: Bamboo 8.1.12)
Atlassian has diligently addressed these four vulnerabilities in the latest versions of its products released last month.
The company recommends users upgrade their instances to these versions:
Protect your Organization, Website and Data with Cyber Attacks, Vulnerabilities and Online Threats with Professional Cyber Security Services.