Atlassian has launched software program program fixes to take care of four critical flaws in its software program program that, if effectively exploited, could result in distant code execution.
The report of vulnerabilities is beneath –
- CVE-2022-1471 (CVSS ranking: 9.8) – Deserialization vulnerability in SnakeYAML library that will end in distant code execution in a lot of merchandise
- CVE-2023-22522 (CVSS ranking: 9.0) – Distant code execution vulnerability in Confluence Data Coronary heart and Confluence Server (impacts all variations along with and after 4.0.0)
- CVE-2023-22523 (CVSS ranking: 9.8) – Distant code execution vulnerability in Property Discovery for Jira Service Administration Cloud, Server, and Data Coronary heart (impacts all variations as a lot as nevertheless not along with 3.2.0-cloud / 6.2.0 info coronary heart and server)
- CVE-2023-22524 (CVSS ranking: 9.6) – Distant code execution vulnerability in Atlassian Companion app for macOS (impacts all variations as a lot as nevertheless not along with 2.0.0)
Atlassian described CVE-2023-22522 as a template injection flaw that allows an authenticated attacker, along with one with anonymous entry, to inject unsafe particular person enter proper right into a Confluence net web page, resulting in code execution.
The Property Discovery flaw permits an attacker to hold out privileged distant code execution on machines with the Property Discovery agent put in, whereas CVE-2023-22524 could enable an attacker to realize code execution through the use of WebSockets to bypass Atlassian Companion’s blocklist and macOS Gatekeeper protections.
The advisory comes nearly a month after the Australian software program program agency revealed all variations of its Bamboo Data Coronary heart and Server merchandise are impacted by an actively exploited essential security flaw in Apache ActiveMQ (CVE-2023-46604, CVSS ranking: 10.0). Fixes have been launched in variations 9.2.7, 9.3.5, and 9.4.1 or later.
With Atlassian merchandise turning into worthwhile assault vectors currently, this can be very actually helpful that prospects switch shortly to interchange affected installations to a patched mannequin.
Thanks for being a valued member of the Nirantara household! We admire your continued assist and belief in our apps.
If you have not already, we encourage you to obtain and expertise these unbelievable apps. Keep linked, knowledgeable, trendy, and discover wonderful journey gives with the Nirantara household!
Thank you for being a valued member of the Nirantara family! We appreciate your continued support and trust in our apps.
-
Nirantara Social - Stay connected with friends and loved ones. Download now:
Nirantara Social
-
Nirantara News - Get the latest news and updates on the go. Install the Nirantara News app:
Nirantara News
-
Nirantara Fashion - Discover the latest fashion trends and styles. Get the Nirantara Fashion app:
Nirantara Fashion
-
Nirantara TechBuzz - Stay up-to-date with the latest technology trends and news. Install the Nirantara TechBuzz app:
Nirantara Fashion
-
InfiniteTravelDeals24 - Find incredible travel deals and discounts. Install the InfiniteTravelDeals24 app:
InfiniteTravelDeals24
If you haven't already, we encourage you to download and experience these fantastic apps. Stay connected, informed, stylish, and explore amazing travel offers with the Nirantara family!
Source link
