Hack Atlassian Bitbucket and Confluence Data Center with a vulnerability

by time news

2023-09-20 22:43:59

Among collaboration tools, Atlassian's Bitbucket and Confluence are prominent, supporting many developers and teams around the world. Like any widely deployed software, however, these platforms are not immune to risk. Recently, two vulnerabilities of significant severity have emerged, causing concern throughout the Atlassian community.

The risk present in Bitbucket Server and Data Center is not a minor one. The vulnerability, identified as CVE-2023-22513, is classified as high severity with a CVSS score of 8.5. It allows remote code execution (RCE) and affects versions from 8.0.0 onward.

An attacker who has authenticated to the instance and abuses this vulnerability can execute arbitrary code, which could have serious and perhaps catastrophic consequences. The flaw impacts all three security properties, confidentiality, integrity and availability, and requires no user interaction.

Fortunately, the vulnerability was identified and reported by an individual researcher through Atlassian's Bug Bounty program.

Atlassian responded quickly by strongly recommending that customers upgrade to the latest version. If that is not possible, it is recommended to upgrade your instance to one of the officially designated fixed versions.

The vulnerability identified as CVE-2023-22512 is a denial of service (DoS) vulnerability that can be exploited in Confluence Data Center and Server.

The denial of service (DoS) vulnerability has been present in Confluence Data Center and Server since version 5.6. CVE-2023-22512, with a CVSS score of 7.5, does not compromise the confidentiality or integrity of the system; its impact is on availability, the property a DoS attack targets.

This vulnerability allows an unauthorized attacker to disrupt a network-connected Confluence instance, either temporarily or permanently, by exhausting its available resources.

Once again, a member of the Bug Bounty program played the role of attentive observer who identified and reported this vulnerability.

Atlassian recommends that Confluence users quickly upgrade to the latest version. If that is not possible, it is recommended that you upgrade your instance to one of the officially approved fixed versions mentioned in the advisory.
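Because Atlassian backports fixes to several maintenance branches, deciding whether a given Bitbucket or Confluence instance is still exposed is not a simple "is my version newer than X" comparison: an 8.10.x build can be vulnerable while an older-numbered 8.9.x build already carries the fix. The following Python script is an added example, not code from the article or from Atlassian, that implements a branch-aware check for both CVEs discussed above. The first-affected versions (Bitbucket 8.0.0, Confluence 5.6) are taken from the article; the fixed-version lists are obviously invented ".99" placeholders, since the article names none, and must be replaced with the fixed versions from Atlassian's advisory before the result is relied on. The inventory hostnames and versions are constructed sample data.

```python
"""Branch-aware version check for backported Atlassian fixes (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '8.12.2' or '7.19.14-something' into a comparable tuple of ints.

    Anything after the first '-' (pre-release/build tags) is ignored, so a
    pre-release build is compared as if it were the final release. Short
    versions such as '5.6' are padded to three components.
    """
    core = text.strip().split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts


def is_affected(version: str, first_affected: str, fixed_versions: Iterable[str]) -> bool:
    """Return True if `version` falls inside the vulnerable range.

    The fixed-version list holds one release per major.minor maintenance
    branch. A running version is safe if it is at or above the fix for its own
    branch, or at or above the newest fix release (later branches include it).
    Anything below `first_affected` is out of scope.
    """
    v = parse_version(version)
    if v < parse_version(first_affected):
        return False
    fixes = sorted(parse_version(f) for f in fixed_versions)
    if not fixes:
        return True  # no fix known yet: treat every version in range as affected
    if v >= fixes[-1]:
        return False
    return not any(v[:2] == fix[:2] and v >= fix for fix in fixes)


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str
    first_affected: str
    fixed: Tuple[str, ...]


# PLACEHOLDER fixed versions: the article names none, so the ".99" values are
# obviously invented stand-ins. Replace them with the fixed versions from
# Atlassian's security advisory for each CVE before using this for real.
ADVISORIES: Tuple[Advisory, ...] = (
    Advisory("CVE-2023-22513", "bitbucket", "8.0.0",
             ("8.9.99", "8.10.99", "8.11.99", "8.12.99")),  # placeholders
    Advisory("CVE-2023-22512", "confluence", "5.6",
             ("7.19.99", "8.5.99")),  # placeholders
)


def assess_inventory(inventory: Iterable[Dict[str, str]],
                     advisories: Iterable[Advisory] = ADVISORIES) -> Dict[str, List[str]]:
    """Map each host to the CVE ids its product/version is still exposed to."""
    report: Dict[str, List[str]] = {}
    for entry in inventory:
        report[entry["host"]] = [
            adv.cve for adv in advisories
            if adv.product == entry["product"]
            and is_affected(entry["version"], adv.first_affected, adv.fixed)
        ]
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "bitbucket-old.example.internal", "product": "bitbucket", "version": "7.21.0"},
    {"host": "bitbucket-prod.example.internal", "product": "bitbucket", "version": "8.10.3"},
    {"host": "bitbucket-new.example.internal", "product": "bitbucket", "version": "8.13.0"},
    {"host": "wiki.example.internal", "product": "confluence", "version": "8.0.0"},
    {"host": "wiki-lts.example.internal", "product": "confluence", "version": "7.19.99"},
]

if __name__ == "__main__":
    for host, cves in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(cves) if cves else 'not affected'}")
```

The branch rule is the part worth keeping even if the placeholder lists are swapped out: a host on 8.10.3 is reported as affected although 8.9.99 sorts below it, while a host on 8.13.0 is reported clean because it sits above the newest fix release. Pre-release tags are stripped before comparison, so if your environment runs pre-release builds you may prefer to treat them as affected rather than as the matching final release.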

He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cybersecurity analyst in 2003. He actively works as an antimalware expert. He also worked for security companies such as Kaspersky Lab. His daily work includes investigating new malware and cybersecurity incidents. He also has a deep level of knowledge in mobile security and mobile vulnerabilities.
