- 234/2023
- High
Atlassian has released security updates to address several vulnerabilities across multiple products.
The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, or trigger a denial of service attack on the affected products.
Sample of the addressed vulnerabilities:
1. Atlassian Bitbucket Server, Data Center Code Execution (CVE-2023-22513):
- CVSS: 8.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Atlassian Confluence Data Center, Server Denial of Service (CVE-2023-22512):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Affected Products:
- Atlassian Jira Service Management Server and Data Center.
- Atlassian Confluence Server and Data Center.
- Atlassian Bitbucket Server and Data Center.
Vulnerabilities
- CVE-2022-25647
- CVE-2023-22512
- CVE-2023-22513
- CVE-2023-28709
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.