September 21, 2023

Atlassian has patched critical vulnerabilities in its Crowd and Bitbucket products.

In the Bitbucket source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection vulnerability that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8.

Updates that patch the flaw have been released for both BitBucket 7 and 8. Atlassian Cloud sites are not affected.

In the Crowd, an application security framework that handles authentication and authorization for web-based applications, Atlassian fixed CVE-2022-43782, a critical security misconfiguration issue affecting all versions starting with 3.0.0.

Advertisements

Summarizing, all new installations running any of the following versions are impacted:

  • Crowd 3.0.0 – Crowd 3.7.2
  • Crowd 4.0.0 – Crowd 4.4.3
  • Crowd 5.0.0 – Crowd 5.0.2

Atlassian will not patch the vulnerability in version 3.0.0 of the product because it reached the end of life.

This flaw has been rated critical, it can only be exploited by IPs in the Crowd application’s allowlist in the Remote Addresses configuration. It only impacts new installations users who have updated their installation from a version prior to 3.0.0 are not affected.

There does not appear to be any evidence of malicious exploitation.

Tags:

Leave a Reply

You may have missed

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023

Microsoft AI exposed terabytes of data accidentally

September 19, 2023
%d bloggers like this: