December 11, 2023

Two high-severity vulnerabilities in Atlassian products have come to light, causing ripples of concern among the Atlassian community.

CVE-2023-22513: Remote Code Execution in Bitbucket Data Center and Server

Tracked as CVE-2023-22513 and carrying a CVSS score of 8.5, this high-severity Remote Code Execution (RCE) vulnerability affects Bitbucket Data Center and Server from version 8.0.0 onward.

An authenticated attacker who exploits this flaw can run arbitrary code with potentially devastating consequences. The vulnerability has high impact on confidentiality, integrity, and availability, and it requires no user interaction.


Atlassian recommends that users upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

  • Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5
  • Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5
  • Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4
  • Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2
  • Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1
  • Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0
  • Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions.

CVE-2023-22512: Denial of Service in Confluence Data Center and Server

Confluence Data Center and Server has carried a potent Denial of Service vulnerability since version 5.6. Tracked as CVE-2023-22512 with a CVSS score of 7.5, this vulnerability does not affect confidentiality or integrity, but it strikes where it hurts the most: availability.

An unauthenticated adversary can exploit this flaw to render a network-connected Confluence instance unavailable, whether temporarily or indefinitely. It is akin to an unseen force pulling the plug on your resources.


Atlassian suggests a prompt upgrade to the latest edition. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

  • Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.14
  • Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.1
  • Confluence Data Center and Server 8.6 or above: No need to upgrade, you’re already on a patched version.
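The two upgrade lists above are easy to misread when you have dozens of instances on different minor lines. The following script is an added example, not code from this article or from Atlassian: it transcribes the fixed versions quoted above into a table and answers, for a given product and version string, whether the release is inside the affected range and which fix release to move to. It assumes a semantic `major.minor.patch` scheme, that Bitbucket 8.0.0 and Confluence 5.6 are the first affected releases as stated above, that Bitbucket 8.14.0 and Confluence 8.6 are the first lines shipping fixed from their `.0` release, and that any minor line the advisory does not list (for example Bitbucket 8.3 or Confluence 8.2) has no in-line fix and must move to one of the listed fix versions. The sample inventory at the bottom is constructed, not real hosts.

```python
"""Check a Bitbucket or Confluence version against the fixed-version lists
quoted in the advisory above (CVE-2023-22513 / CVE-2023-22512)."""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Transcribed from the two upgrade lists on this page: minor line -> first fixed release.
FIXED_IN_LINE: Dict[str, Dict[Tuple[int, int], Version]] = {
    "bitbucket": {  # CVE-2023-22513
        (8, 9): (8, 9, 5), (8, 10): (8, 10, 5), (8, 11): (8, 11, 4),
        (8, 12): (8, 12, 2), (8, 13): (8, 13, 1), (8, 14): (8, 14, 0),
    },
    "confluence": {  # CVE-2023-22512
        (7, 19): (7, 19, 14), (8, 5): (8, 5, 1),
    },
}

# First affected release per the advisory text (Bitbucket 8.0.0, Confluence 5.6).
FIRST_AFFECTED: Dict[str, Version] = {"bitbucket": (8, 0, 0), "confluence": (5, 6, 0)}

# First minor line where every release is already fixed (assumption derived from the
# lists: Bitbucket is fixed from 8.14.0, Confluence "8.6 or above" needs no upgrade).
FIRST_CLEAN_LINE: Dict[str, Tuple[int, int]] = {"bitbucket": (8, 14), "confluence": (8, 6)}


def parse_version(text: str) -> Version:
    """Turn '8.9.5', '8.9' or '8.9.5-build' into a comparable (major, minor, patch) tuple."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break  # stop at a build suffix such as '-build'
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)  # '8.9' is treated as 8.9.0
    return (parts[0], parts[1], parts[2])


def is_affected(product: str, version_text: str) -> bool:
    """True if this release lies within the vulnerable range described in the advisory."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED[product]:
        return False  # predates the introduction of the bug
    line = (v[0], v[1])
    fixed = FIXED_IN_LINE[product].get(line)
    if fixed is not None:
        return v < fixed  # listed line: compare against its first fixed patch release
    # Unlisted line (assumption): anything before the first clean line is unpatched.
    return line < FIRST_CLEAN_LINE[product]


def recommended_upgrade(product: str, version_text: str) -> Optional[str]:
    """Return the in-line fix release to move to, 'any listed fix version' when the
    running line has no fix of its own, or None when the release is not affected."""
    if not is_affected(product, version_text):
        return None
    v = parse_version(version_text)
    fixed = FIXED_IN_LINE[product].get((v[0], v[1]))
    if fixed is None:
        return "any listed fix version"
    return ".".join(str(n) for n in fixed)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [("bitbucket", "8.9.4"), ("bitbucket", "8.3.2"), ("bitbucket", "8.14.1"),
                 ("confluence", "7.19.13"), ("confluence", "8.2.0"), ("confluence", "8.6.0")]
    for product, ver in inventory:
        action = recommended_upgrade(product, ver) or "not affected"
        print(f"{product:10s} {ver:8s} -> {action}")
```

Feed it the version string reported by each instance's admin page or REST endpoint and it will flag releases such as Bitbucket 8.9.4 (upgrade to 8.9.5) or Confluence 8.2.0 (no in-line fix, move to a listed fix version) while leaving Bitbucket 7.x and Confluence 8.6+ alone; the unlisted-line rule is the conservative reading of the advisory and should be revisited if Atlassian publishes additional fix releases.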
