Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Atlassian addressed 3 flaws in Confluence and Bamboo products

Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful exploitation of the vulnerabilities could result in remote code execution on vulnerable systems. According to […]

Atlassian Confluence CVE-2023-22515

Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution.

Atlassian has addressed three critical and high severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful exploitation of the vulnerabilities could result in remote code execution on vulnerable systems.

According to the advisory, the vulnerabilities were reported to the company via its bug bounty and pen-testing processes, as well as 3rd party library scans.

Below is the list of flaws addressed by the company:

.

Released Security Vulnerabilities
SummarySeverityCVSS ScoreCVE IDViewPublic Date
RCE (Remote Code Execution) in Confluence Data Center & ServerHigh8CVE-2023-22505View TicketJul 18, 2023
RCE (Remote Code Execution) in Confluence Data Center & ServerHigh8.5CVE-2023-22508View TicketJul 18, 2023
Injection, RCE (Remote Code Execution) in BambooHigh7.5CVE-2023-22506View TicketJul 18, 2023

The most severe flaw, tracked as CVE-2023-22508 (CVSS score: 8.5), is a Remote Code Execution that impacts the Confluence Data Center and Server. The flaw CVE-2023-22508 was introduced in version 7.4.0 of Confluence Data Center & Server. 

The second flaw addressed by the company is a high severity Injection and RCE (Remote Code Execution) vulnerability, tracked as CVE-2023-22506 (CVSS Score 7.5). The flaw was introduced in version 8.0.0 of Bamboo Data Center.  An authenticated attacker can trigger the issue to modify the actions taken by a system call and execute arbitrary code without any user interaction.   

Weeks later, it also rolled out fixes for two critical overflow flaws in Git (CVE-2022-41903 and CVE-2022-23531) affecting Bitbucket Server and Data Center, Bamboo Server and Data Center, Fisheye, Crucible, and Sourcetree.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Atlassian)