Improved Security: Atlassian Addresses Multiple Critical Vulnerabilities with Patches

Atlassian has released patches to address several critical vulnerabilities. The first vulnerability, CVE-2023-22522, is a template injection vulnerability in Confluence Data Centre and Confluence Server. This vulnerability allows an attacker to inject unsafe user input into a Confluence page, granting them remote code execution. It affects all versions of Confluence Data Centre and Server after version 4.0.0, and users are advised to upgrade to a fixed version.

Another vulnerability, CVE-2023-22524, is a remote code execution vulnerability in the Atlassian Companion App for MacOS. Attackers can use WebSockets to bypass the app’s blocklist and MacOS Gatekeeper, enabling the execution of code.

CVE-2023-22523 is a critical-rated bug in Asset Discovery in Jira Service Management Cloud, Server, and Data Centre. This vulnerability exists between the Assets Discovery application and the Assets Discovery agent, allowing attackers to gain privileged remote code execution.

Lastly, CVE-2022-1471 is a remote code execution deserialization bug in the SnakeYAML library, which is utilized in multiple Atlassian products such as Automation for Jira, BitBucket, Confluence, and Jira configurations. Patches are available for affected versions of these products.

Unlock your business potential with our expert guidance. Get in touch now!

Robot-bot-chatbot-AI.jpg

A Jobseeker’s Handbook: Leveraging AI and Its Implications for Employers

tr_20241220-top-software-development-technologies.jpg

8 Key Software Development Technologies to Watch in 2025

cloud-money-finance-investment-savings-adobe.jpg

AWS Provides Hackney Council with a Minimum 22% Discount on Cloud Services via OGVA 2.0

tr_20241219-eu-guidance-ai-privacy-laws.jpg

EU Provides Guidance for AI Developers on Compliance with Privacy Regulations

IT-sustainability-think-tank-hero.jpg

IT Sustainability Think Tank: Insights from 2024 and Key Priorities for 2025

AdobeStock_210063189.jpg

NVIDIA Unveils New Mini Developer Kit for Generative AI

technology-digital-ai-binary-adobe.jpeg

Digital Ethics Summit 2024: Understanding the Socio-Technical Aspects of AI