Atlassian Security Updates Patch High-Severity Vulnerabilities
Atlassian this week announced patches for four high-severity vulnerabilities impacting its Jira, Confluence, Bitbucket, and Bamboo products.

Tracked as CVE-2023-22513 (CVSS score of 8.5), the most severe of these issues is described as a remote code execution (RCE) bug in Bitbucket that could impact confidentiality, integrity, and availability. An authenticated attacker can exploit the flaw without user interaction, Atlassian explains. The issue was introduced in Bitbucket version 8.0.0 and impacts most releases until version 8.14.0. Bitbucket versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0, and newer address this vulnerability.

The second bug, CVE-2023-22512 (CVSS score of 7.5), is described as a denial-of-service (DoS) issue in the Confluence Data Center and Server products. According to Atlassian, an unauthenticated attacker can exploit this vulnerability to deny access to resources, “by temporarily or indefinitely disrupting services of a vulnerable host connected to a network”.
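
Because the Bitbucket fix for CVE-2023-22513 was shipped separately on each release line, a single "version >= 8.9.5" comparison misclassifies builds such as 8.10.0. The following added example (not Atlassian's code) triages installed versions per release line; the host names and inventory are constructed, and treating every 8.0 to 8.8 build as affected is an assumption based on the article's "most releases" wording.

```python
import re

INTRODUCED = (8, 0, 0)
# First fixed patch level per release line, as listed in the article.
FIXED = {(8, 9): 5, (8, 10): 5, (8, 11): 4, (8, 12): 2, (8, 13): 1, (8, 14): 0}

def parse(version):
    """Turn 'X.Y.Z' into a tuple of ints so comparison is numeric, not lexical."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.groups())

def triage(version):
    """Return (status, upgrade_target) for one Bitbucket version string."""
    v = parse(version)
    line = v[:2]
    if v < INTRODUCED:
        return ("not-affected", None)
    if line > max(FIXED):          # "8.14.0 and newer"
        return ("fixed", None)
    if line in FIXED:
        if v[2] >= FIXED[line]:
            return ("fixed", None)
        return ("affected", f"{line[0]}.{line[1]}.{FIXED[line]}")
    # Assumption: lines 8.0-8.8 have no fixed build listed, so treat them as
    # affected and point at the lowest fixed release the article names.
    low = min(FIXED)
    return ("affected", f"{low[0]}.{low[1]}.{FIXED[low]}")

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "bb-prod-01": "8.10.0",
    "bb-prod-02": "8.9.5",
    "bb-legacy": "7.21.16",
    "bb-dev": "8.5.3",
}

def report(inventory):
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, target) in sorted(report(INVENTORY).items()):
        print(f"{host:12} {INVENTORY[host]:8} {status:13} {target or '-'}")
```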