Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution


Atlassian has released software updates that fix four serious vulnerabilities in its products, each of which could allow remote code execution if exploited. According to Atlassian, CVE-2023-22522 is a template injection vulnerability that enables code execution on a Confluence page by an authenticated attacker, including one with anonymous access. CVE-2023-22524 could allow an attacker to achieve code execution by using WebSockets to get around Atlassian Companion’s blocklist and macOS Gatekeeper protections, while the Assets Discovery flaw gives an attacker the ability to perform privileged remote code execution on machines that have the Assets Discovery agent installed.
