Atlassian, the software company known for its enterprise collaboration tools, has recently addressed three security flaws in its Confluence Server, Data Center, and Bamboo Data Center products. These vulnerabilities, if successfully exploited, could result in remote code execution on affected systems.
The first vulnerability, identified as CVE-2023-22505, is a remote code execution flaw in Confluence Data Center and Server. With a CVSS score of 8.0, this vulnerability has the potential to allow an attacker to execute arbitrary code on the affected system. Atlassian has fixed this vulnerability in versions 8.3.2 and onwards.
The second vulnerability, identified as CVE-2023-22506, is a server-side request forgery (SSRF) vulnerability in Confluence Data Center and Server. This vulnerability has a CVSS score of 6.1 and could be exploited to make unauthorized requests to internal resources or perform DNS and port scanning. Atlassian has fixed this vulnerability in versions 8.3.2 and onwards.
The third vulnerability, identified as CVE-2023-22507, is a path traversal vulnerability in Bamboo Data Center. With a CVSS score of 6.1, this vulnerability could allow an attacker to read arbitrary files on the affected system. Atlassian has fixed this vulnerability in versions 7.1.5 and onwards.
In response to these security flaws, Atlassian has released updates for its affected products. Users are strongly advised to update to the latest versions to mitigate the risk of exploitation.
In summary, Atlassian has patched three security vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products. These vulnerabilities, if exploited, could allow remote code execution, unauthorized requests, and path traversal. Users are advised to update to the latest versions to protect their systems.
Original Article: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html