Atlassian Rolls Out Fixes to Tackle High Severity Flaws
The Australian software firm Atlassian has rolled out fixes for four high-severity vulnerabilities in its products that could lead to denial-of-service (DoS) attacks and remote code execution. Atlassian found these flaws through its penetration-testing processes, its bug bounty program, and scans of third-party libraries.
Here’s a detailed breakdown of these four vulnerabilities:
CVE-2022-25647:
A deserialization flaw in the Google Gson library (CVSS score 7.5) that can be abused for denial of service; it affects Patch Management in Jira Service Management Data Center and Server. (Affected versions: introduced in Jira Service Management 4.20.0 and present in later releases before the fixed versions listed below.)
CVE-2023-22512:
A DoS flaw in Confluence Data Center and Server (CVSS score 7.5). (Affected versions: introduced in Confluence 5.6 and present in releases before the fixed versions listed below; 8.6.0 is itself a fixed release.)
CVE-2023-22513:
A Remote Code Execution (RCE) vulnerability in Bitbucket Data Center and Server (CVSS score 8.5, which Atlassian rates as High rather than Critical); it is exploitable by an authenticated attacker. (Affected versions: introduced in Bitbucket 8.0.0 and present in releases before the fixed versions listed below, i.e. up to but not including 8.14.0.)
CVE-2023-28709:
A DoS flaw in the bundled Apache Tomcat server, an incomplete fix for an earlier Tomcat request-parameter limit bypass (CVE-2023-24998), affecting Bamboo Data Center and Server (CVSS score 7.5). (Affected versions: Bamboo 8.1.12 and later releases before the fixed versions listed below.)
Atlassian has addressed all four vulnerabilities in the product versions it released last month.
The company recommends users upgrade their instances to these versions:
- Bamboo Server and Data Center (versions – 9.2.4, 9.3.1, or later)
- Confluence Server and Data Center (versions – 7.19.13, 7.19.14, 8.5.1, 8.6.0, or later)
- Bitbucket Server and Data Center (versions – 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0, or later)
- Jira Service Management Server and Data Center (versions – 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0, or later)
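As an added worked example (not Atlassian's code and not part of the original bulletin), the following Python script encodes the introduced and fixed versions listed above and reports whether an installed version is vulnerable, fixed, or not affected. It handles the cases the flat list hides: a release in a maintained branch that predates that branch's backport (e.g. Bitbucket 8.12.1), a branch that received no backport at all (e.g. Bitbucket 8.7.x or Confluence 8.4.x), and a mainline release newer than the latest fix. The `BULLETIN` table, the `Advisory` class and the sample installed versions are constructed for this example; versions are compared numerically and any pre-release suffix such as `-rc1` is ignored.

```python
"""Added example: check installed Atlassian product versions against the
September bulletin above. Not Atlassian's code; the data table below is
transcribed from the article and the sample inputs are constructed."""
from __future__ import annotations

from dataclasses import dataclass


def parse_version(s: str) -> tuple[int, ...]:
    """Turn 'MAJOR.MINOR[.PATCH]' into a comparable tuple.
    A pre-release suffix ('9.2.4-rc1') is dropped for the comparison."""
    core = s.strip().split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {s!r}")
    return parts + (0,) * (3 - len(parts))


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str
    introduced: str          # first affected version, per the bulletin
    fixed: tuple[str, ...]   # fix releases, one per maintained branch

    def status(self, installed: str) -> str:
        """Return 'not affected', 'vulnerable' or 'fixed' for one version."""
        v = parse_version(installed)
        if v < parse_version(self.introduced):
            return "not affected"
        fixes = sorted(parse_version(f) for f in self.fixed)
        # A branch (major.minor) that received a backport: fixed iff the
        # installed patch level is at or past that backport.
        for f in fixes:
            if f[:2] == v[:2]:
                return "fixed" if v >= f else "vulnerable"
        # Newer than the newest fix release, i.e. mainline after the fix.
        if v >= fixes[-1]:
            return "fixed"
        # A branch with no backport (e.g. Bitbucket 8.7.x): must upgrade.
        return "vulnerable"


# Transcribed from the bulletin summary above (hypothetical table layout).
BULLETIN: dict[str, Advisory] = {
    "CVE-2022-25647": Advisory(
        "CVE-2022-25647", "Jira Service Management", "4.20.0",
        ("4.20.25", "5.4.9", "5.9.2", "5.10.1", "5.11.0")),
    "CVE-2023-22512": Advisory(
        "CVE-2023-22512", "Confluence", "5.6.0",
        ("7.19.13", "7.19.14", "8.5.1", "8.6.0")),
    "CVE-2023-22513": Advisory(
        "CVE-2023-22513", "Bitbucket", "8.0.0",
        ("8.9.5", "8.10.5", "8.11.4", "8.12.2", "8.13.1", "8.14.0")),
    "CVE-2023-28709": Advisory(
        "CVE-2023-28709", "Bamboo", "8.1.12",
        ("9.2.4", "9.3.1")),
}


def report(installed: dict[str, str]) -> dict[str, str]:
    """Map each CVE to the status of the installed version of its product.
    Products missing from `installed` are skipped."""
    return {cve: adv.status(installed[adv.product])
            for cve, adv in BULLETIN.items() if adv.product in installed}


if __name__ == "__main__":
    # Constructed sample inventory; replace with your own instance versions.
    inventory = {"Bitbucket": "8.12.1", "Confluence": "8.6.0",
                 "Bamboo": "9.3.0", "Jira Service Management": "5.12.0"}
    for cve, state in report(inventory).items():
        print(f"{cve}: {BULLETIN[cve].product} {inventory[BULLETIN[cve].product]} -> {state}")
```

The "same branch" rule matters in practice: Bitbucket 8.12.1 sorts above 8.9.5 yet is still vulnerable, because the backport for the 8.12 line is 8.12.2. Only a version at or past its own branch's fix, or past the newest fix release, should be treated as patched.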