- 316/2023
- Critical
Atlassian has released security updates to address several vulnerabilities across multiple products.
The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks, obtain sensitive information, or execute arbitrary code, and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Atlassian Assets Discovery Remote Code Execution (CVE-2023-22523):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Atlassian Confluence Data Center and Confluence Server Remote Code Execution (CVE-2023-22522):
- CVSS: 9
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Sample of the affected Products:
- Atlassian Confluence Server.
- Atlassian Confluence Data Center.
- Atlassian Jira Service Management Data Center.
- Atlassian Jira Software Data Center.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.