Atlassian Vulnerabilities Let Attackers Conduct DoS & RCE Attacks

by Esmeralda McKenzie

This week, Atlassian released fixes for four high-severity flaws that had the potential to cause DoS and remote code execution and affected several of its products.

The flaws in its main products, Jira, Confluence, Bitbucket, and Bamboo, were fixed. Atlassian discovered these vulnerabilities using its Bug Bounty program, pen-testing processes, and third-party library scans.


Four High-Severity Flaws Addressed

  • CVE-2022-25647 (CVSS score: 7.5) – Patch Management Flaw

This patch management bug in Jira could allow an attacker to expose assets for further exploitation. It could lead to DoS attacks.

Affected Versions

Introduced in Jira version 4.20.0

Fix Released

Upgrade to a minimum fix version of 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0 or latest

  • CVE-2023-22512 (CVSS score: 7.5) – DoS (Denial of Service) Flaw

A DoS flaw in Confluence Data Center and Server. According to Atlassian, an unauthenticated attacker could exploit this vulnerability to block access to resources by temporarily or indefinitely disrupting the services of a vulnerable host connected to a network.

Affected Versions

Version 5.6 and affects releases up to 8.6.0.

Fix Released

Upgrade to a minimum fix version of 7.19.13, 7.19.14, 8.5.1, 8.6.0 or latest

  • CVE-2023-22513 (CVSS score: 8.5) – RCE (Remote Code Execution) Flaw

An RCE flaw in Bitbucket Data Center and Server.

“This RCE (Remote Code Execution) vulnerability, enables an authenticated attacker to execute arbitrary code which has a high impact on confidentiality, high impact on integrity, high impact on availability, and requires no user interaction”, Atlassian said.

Affected Versions

Version 8.0.0 and affects most releases until version 8.14.0.

Fix Released

Upgrade to a minimum fix version of 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0 or latest

  • CVE-2023-28709 (CVSS score: 7.5) – DoS Flaw

A DoS flaw in the Apache Tomcat server impacted Bamboo Data Center and Server. It is described as a third-party dependency issue that could be exploited by an attacker to “expose assets in your environment susceptible to exploitation.”

Affected Versions

Version 8.1.12; the bug was addressed in Bamboo versions 9.2.4 and 9.3.1.

Fix Released

Upgrade to a minimum fix version of 9.2.4, 9.3.1, or the latest.

Atlassian recommends upgrading to the latest fixed versions released.
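To check an inventory against the fix versions listed above, the following added example (not Atlassian tooling and not part of the original article) triages an installed version per product. It assumes each listed fix version is the floor for its major.minor release line; the product keys, function names, and sample inventory are hypothetical.

```python
# Version data copied from the advisory text above: (CVE, first affected, fix versions).
ADVISORY = {
    "jira": ("CVE-2022-25647", "4.20.0",
             ["4.20.25", "5.4.9", "5.9.2", "5.10.1", "5.11.0"]),
    "confluence": ("CVE-2023-22512", "5.6",
                   ["7.19.13", "7.19.14", "8.5.1", "8.6.0"]),
    "bitbucket": ("CVE-2023-22513", "8.0.0",
                  ["8.9.5", "8.10.5", "8.11.4", "8.12.2", "8.13.1", "8.14.0"]),
    "bamboo": ("CVE-2023-28709", "8.1.12", ["9.2.4", "9.3.1"]),
}

def parse(version):
    """'8.9.5' -> (8, 9, 5); pads short strings so '5.6' compares as 5.6.0."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def fmt(version_tuple):
    return ".".join(str(n) for n in version_tuple)

def triage(product, installed):
    """Return (status, cve, upgrade_target) for one installed version."""
    cve, first_affected, fixes = ADVISORY[product.lower()]
    ver = parse(installed)
    if ver < parse(first_affected):
        return ("not-affected", cve, None)
    # Assumption: the lowest listed fix on a major.minor line is that line's floor.
    floors = {}
    for fix in map(parse, fixes):
        floors[fix[:2]] = min(fix, floors.get(fix[:2], fix))
    line = ver[:2]
    if line in floors:
        if ver >= floors[line]:
            return ("fixed", cve, None)
        return ("vulnerable", cve, fmt(floors[line]))
    if line > max(floors):
        # Release line is newer than every fix line the advisory lists.
        return ("fixed", cve, None)
    # No fix on this release line: recommend the nearest higher fixed release.
    target = min(f for f in floors.values() if f > ver)
    return ("vulnerable", cve, fmt(target))

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [("bitbucket", "8.9.4"), ("confluence", "8.5.1"),
                 ("bamboo", "9.2.3"), ("jira", "5.5.0")]
    for product, version in inventory:
        print(product, version, triage(product, version))
```

Release lines that fall between two listed fix lines get the nearest higher fix as the upgrade target, since the article lists no fix for them.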

Source credit : cybersecuritynews.com
