Atlassian Crowd
A critical remote code execution vulnerability has been identified in Atlassian Crowd, a popular user management and access control platform.
The vulnerability tracked as CVE-2023-22521 with a CVSS score of 8.0 manifests as a Remote Code Execution (RCE) vulnerability, a type of security flaw that grants an attacker the ability to remotely execute arbitrary code on a vulnerable system. This capability empowers attackers to seize control of the system, potentially causing extensive damage to data confidentiality, integrity, and availability.
The vulnerability impacts a range of Crowd Data Center and Server versions, including:
- Crowd Data Center and Server 3.4.6 and 5.2.0
- Exploitation Complexity and Impact Severity
To address this critical vulnerability, Atlassian strongly recommends upgrading the Crowd Data Center and Server to the latest version. Alternatively, if immediate upgrading is not feasible, users can apply the specified supported fixed versions:
- Crowd Data Center and Server 3.4: Upgrade to a release greater than or equal to 5.1.6
- Crowd Data Center and Server 5.2: Upgrade to a release greater than or equal to 5.2.1
Atlassian Bamboo
Atlassian has disclosed a critical remote code execution vulnerability affecting Bamboo Data Center and Server versions 8.1.0 through 9.3.0.
The vulnerability tracked as CVE-2023-22516 with a CVSS score of 8.5 manifests as a Remote Code Execution (RCE) vulnerability, a type of security flaw that grants an attacker the ability to remotely execute arbitrary code on a vulnerable system. This capability empowers attackers to seize control of the system, potentially causing extensive damage to data confidentiality, integrity, and availability.
The vulnerability impacts a range of Bamboo Data Center and Server versions, including:
- Bamboo Data Center and Server 8.1.0
- Bamboo Data Center and Server 8.2.0
- Bamboo Data Center and Server 9.0.0
- Bamboo Data Center and Server 9.1.0
- Bamboo Data Center and Server 9.2.0
- Bamboo Data Center and Server 9.3.0
To address this critical vulnerability, Atlassian strongly recommends upgrading the Bamboo Data Center and Server to the latest version. Alternatively, if immediate upgrading is not feasible, users can apply the specified supported fixed versions:
- Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7.
- JDK 1.8u121+ should be used in case Java 8 is used to run the Bamboo Data Center and Server.
- Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4.
