Atlassian Flaw Let attackers To Conduct DoS & RCE Attacks


This week, Atlassian released fixes for four high-severity flaws that had the potential to cause a DoS and remote code execution and affected several of its products.

The issues in its primary products, Jira, Confluence, Bitbucket, and Bamboo, have been fixed. Atlassian found these vulnerabilities using its Bug Bounty program, pen-testing processes, and third-party library scans.



Document

FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware


Four High-Severity Flaws Addressed

This patch management bug in Jira could allow an attacker to expose assets for further exploitation. It may lead to DoS attacks.

Affected Versions

Introduced in Jira version 4.20.0

Fix Released

Upgrade to a minimum fix version of 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0 or latest

A DoS flaw in Confluence Data Center and Server. According to Atlassian, an unauthenticated attacker might exploit this vulnerability to block access to resources by temporarily or indefinitely disrupting the services of a vulnerable host connected to a network.

Affected Versions

Version 5.6 and impacts release up to 8.6.0.

Fix Released

Upgrade to a minimum fix version of 7.19.13, 7.19.14, 8.5.1, 8.6.0 or latest

  • CVE-2023-22513 (CVSS score: 8.5) – RCE (Remote Code Execution) Flaw 

An RCE flaw in the Bitbucket Data Center and Server.

“This RCE (Remote Code Execution) vulnerability, allows an authenticated attacker to execute arbitrary code which has a high impact on confidentiality, high impact on integrity, high impact on availability, and requires no user interaction”, Atlassian said.

Affected Versions

Version 8.0.0 and impacts most releases until version 8.14.0.

Fix Released

Upgrade to a minimum fix version of 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0 or latest

A DoS flaw in the Apache Tomcat server impacted the Bamboo Data Center and Server. It is described as a third-party dependency problem that can be exploited by an attacker to “expose assets in your environment susceptible to exploitation.”

Affected Versions

Version 8.1.12, the bug was addressed in Bamboo versions 9.2.4 and 9.3.1.

Fix Released

Upgrade to a minimum fix version of 9.2.4, 9.3.1, or the latest.

Atlassian recommends upgrading to the latest fixed versions released.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.





Source link