Atlassian has issued warnings about security vulnerabilities in several products. Atlassian Bitbucket Data Center and Server, Confluence Data Center and Server, and Jira Service Management Data Center and Server are affected. Updated software that closes the security gaps is available.
A vulnerability in Atlassian Bitbucket Data Center and Server allows authenticated attackers to execute arbitrary code. It has a high impact on confidentiality, integrity and availability, and requires no user interaction (CVE-2023-22513, CVSS 8.5, risk “high”). The flaw was introduced with release 8.0.0 of Bitbucket Data Center and Server. Versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1 and 8.14.0 correct it. IT managers should upgrade 8.x versions older than 8.9 to a supported release, the Atlassian developers write in the security report.
Atlassian: Multiple products with high-risk gaps
Malicious actors on the Internet can launch a denial-of-service attack on Atlassian Confluence Data Center and Server without prior authentication. No user interaction is required (CVE-2023-22512, CVSS 7.5, high). Confluence is affected from version 5.6 onward. Versions 7.19.14 and 8.5.1 close the gap; anyone using version 8.6 or newer already has the fixes, Atlassian writes.
A serious patch management vulnerability in Atlassian Jira Service Management Data Center and Server allows attackers to expose items in the IT environment that may be vulnerable. However, Atlassian does not explain what this looks like in concrete terms (CVE-2022-25647, CVSS 7.5, high). The flaw has existed since version 4.20.0 of Jira Service Management Data Center and Server and is corrected in versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, and 5.11.0 and later.
IT managers should download and install the available updates promptly if they have not yet done so.
In February of this year, Atlassian closed a critical security vulnerability in Jira Service Management. It allowed attackers to take over accounts.