Atlassian Security Updates Patch High-Severity Vulnerabilities
21-Sep-23
This week, updates for four serious flaws in Atlassian’s Jira, Confluence, Bitbucket, and Bamboo products were released. The most serious of these problems is a remote code execution (RCE) bug in Bitbucket that is tracked as CVE-2023-22513 (CVSS score of 8.5) and may affect confidentiality, integrity, and availability. Without requiring user involvement, an authenticated attacker can exploit the weakness, according to Atlassian.
Most releases up until version 8.14.0 of Bitbucket are affected by the problem, which was first noticed in version 8.0.0. This vulnerability is fixed in Bitbucket versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, and beyond. The second flaw, CVE-2023-22512 (CVSS score of 7.5), affects the Confluence Data Center and Server products and is classified as a denial-of-service (DoS) problem.
