Atlassian Confluence & Bamboo RCE Flaws Let Attackers Execute Arbitrary Code
On July 18th, Atlassian disclosed serious, high-severity vulnerabilities found through its bug bounty programs, third-party library scans, and penetration testing.
In its security bulletin, Atlassian addressed three high-severity vulnerabilities detected in Confluence Data Center and Server and in Bamboo Data Center.
Atlassian has confirmed that these vulnerabilities are fixed in the latest versions of the affected products.
Summary of the Vulnerabilities
CVE-2023-22505
This high-severity RCE was discovered through the bug bounty program and affects version 8.0.0 of Confluence Data Center & Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS score of 8, allows an authenticated attacker to execute arbitrary code.
It has a high impact on the CIA triad (confidentiality, integrity, and availability) and requires no user interaction.
Advice:
Atlassian recommends that you upgrade your instance to the latest version.
If you are unable to upgrade to the latest version, upgrade to one of these fixed versions: 8.3.2, 8.4.0.
CVE-2023-22508
This high-severity RCE vulnerability was reported through the bug bounty program and affects version 7.4.0 of Confluence Data Center & Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS score of 8.5, allows an authenticated attacker to execute arbitrary code. It has a high impact on confidentiality, integrity, and availability, and requires no user interaction.
Advice:
Atlassian recommends that its customers upgrade their instances to the latest version. If that is not possible, upgrade to version 8.2.0.
CVE-2023-22506
This high-severity Injection and RCE vulnerability was discovered through an internal pentesting program.
This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS score of 7.5, affects version 8.0.0 of Bamboo Data Center.
It allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code.
Advice:
Atlassian recommends upgrading the instance to the latest version or to one of these fixed versions: 9.2.3 and 9.3.1.
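All three advisories above come down to the same administrative check: compare the version an instance is running against the fixed releases listed and upgrade if it falls below them. The script below is an added example (not Atlassian's code and not from the bulletin) that performs that comparison for the fixed versions stated in this article. Its branch interpretation is an assumption of the example: each listed fix version is taken to cover its own major.minor line from that patch level upward, and any later minor line is treated as fixed; the affected-version ranges themselves are not modelled, since the article only names the starting version for each CVE.

```python
"""Check an installed Confluence Data Center/Server or Bamboo Data Center
version against the fixed releases stated in the bulletin summary.

Added example, not Atlassian's code. The fixed versions below are the
ones quoted in the article; the branch rule in is_fixed() is an assumption.
"""
from typing import Dict, List, Tuple

# Fixed versions per CVE, exactly as stated in the bulletin summary.
FIXED_VERSIONS: Dict[str, Dict[str, List[str]]] = {
    "confluence": {
        "CVE-2023-22505": ["8.3.2", "8.4.0"],
        "CVE-2023-22508": ["8.2.0"],
    },
    "bamboo": {
        "CVE-2023-22506": ["9.2.3", "9.3.1"],
    },
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch'; missing trailing parts default to 0.
    Anything that is not one to three dotted integers is rejected."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_fixed(installed: str, fixed: List[str]) -> bool:
    """Assumed branch rule: a version is fixed if it is at or above the
    listed fix on its own major.minor line, or on a later minor line than
    the newest listed fix. A version on an earlier line with no listed fix
    (e.g. 8.1.x when fixes are 8.3.2 and 8.4.0) is reported as not fixed."""
    inst = parse_version(installed)
    fixes = sorted(parse_version(f) for f in fixed)
    for fix in fixes:
        if inst[:2] == fix[:2]:          # same major.minor line
            return inst >= fix
    newest = fixes[-1]
    return inst[:2] > newest[:2]         # later line than any listed fix


def assess(product: str, installed: str) -> Dict[str, bool]:
    """Map each CVE for the product to whether `installed` is fixed for it."""
    return {cve: is_fixed(installed, fixes)
            for cve, fixes in FIXED_VERSIONS[product].items()}


def needs_upgrade(product: str, installed: str) -> List[str]:
    """Return the CVEs for which the installed version is still below the fix."""
    return [cve for cve, ok in assess(product, installed).items() if not ok]


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    inventory = [
        ("confluence", "8.3.1"),   # one patch level below the 8.3.2 fix
        ("confluence", "8.4.1"),
        ("bamboo", "9.3.0"),       # on the 9.3 line but below 9.3.1
        ("bamboo", "9.2.3"),
    ]
    for product, version in inventory:
        pending = needs_upgrade(product, version)
        status = "UPGRADE: " + ", ".join(pending) if pending else "ok"
        print(f"{product:<11} {version:<8} {status}")
```

The `9.3.0` case is the reason the check works per major.minor line rather than as a plain "greater than any fix version" comparison: 9.3.0 is numerically above 9.2.3, but the bulletin lists 9.3.1 as the fix on the 9.3 line, so 9.3.0 must still be reported as needing an upgrade.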
Source credit: cybersecuritynews.com