Advisory

Atlassian releases security updates for server instances

Take action: Not a panic-mode patch, but plan it into the next patch cycle.

Atlassian has released updates to mitigate four high-severity vulnerabilities in the following products:

  • Bamboo
  • Bitbucket
  • Confluence
  • Jira

The vulnerabilities could be exploited by malicious actors to launch denial-of-service (DoS) and remote code execution (RCE) attacks.

  • CVE-2023-22513 (CVSS score 8.5) exists in Bitbucket Data Center and Server and is a critical RCE flaw that potentially allows authenticated attackers to execute arbitrary code without user interaction. It affects versions up to 8.14.0; users are advised to upgrade to version 8.9.5 or later to mitigate this risk.
  • CVE-2023-22512 (CVSS score 7.5) is a DoS issue affecting Confluence Data Center and Server. The flaw enables unauthenticated attackers to disrupt services; it affects versions up to and including 8.5.0, and fixes are available in Confluence versions 7.19.14 and 8.5.1.
  • CVE-2022-25647 affects Jira Service Management Data Center and Server and could allow unauthenticated attackers to expose assets within a user's environment. It is addressed in versions 4.20.25 and above.
  • CVE-2023-28709 is a DoS issue in the Apache Tomcat server used by Bamboo Data Center and Server and exposes assets to potential exploitation. The fix is available in versions 9.2.4 and later.

Atlassian strongly recommends upgrading to the latest available version to safeguard your systems; if that is not feasible, upgrade at least to the minimum fix version listed above.
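
To turn the version numbers above into a patch-planning list, here is an added Python example (not Atlassian's code and not part of the original advisory) that classifies an installed version as fixed, affected or not listed for each product. It assumes a listed fix applies only to its own major.minor release line, which the advisory does not spell out, and the sample inventory is constructed.

```python
"""Triage installed Atlassian versions against the fix versions this advisory lists."""

# Version data as quoted in the advisory text above. "max_affected" is None where the
# advisory gives no upper bound (Jira Service Management and Bamboo).
ADVISORY = {
    "Bitbucket": {"cve": "CVE-2023-22513", "max_affected": "8.14.0", "fixes": ["8.9.5"]},
    "Confluence": {"cve": "CVE-2023-22512", "max_affected": "8.5.0", "fixes": ["7.19.14", "8.5.1"]},
    "Jira Service Management": {"cve": "CVE-2022-25647", "max_affected": None, "fixes": ["4.20.25"]},
    "Bamboo": {"cve": "CVE-2023-28709", "max_affected": None, "fixes": ["9.2.4"]},
}


def parse_version(text: str) -> tuple:
    """'8.9.5' -> (8, 9, 5); a missing patch component counts as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def status(product: str, installed: str) -> str:
    """Return 'fixed', 'affected' or 'not listed' for one installed version.

    Assumption (not stated in the advisory): a fix release only covers its own
    major.minor line, so Confluence 7.19.14 fixes 7.19.x but says nothing about 8.4.x.
    """
    entry = ADVISORY[product]
    inst = parse_version(installed)
    fixes = [parse_version(f) for f in entry["fixes"]]
    if entry["max_affected"] is None:
        # Worded as "X and above" / "X and later": a plain threshold.
        return "fixed" if inst >= min(fixes) else "affected"
    for fix in fixes:
        if inst[:2] == fix[:2] and inst >= fix:
            return "fixed"  # patched release on the same line
    if inst <= parse_version(entry["max_affected"]):
        return "affected"  # inside the stated range with no listed fix on this line
    return "not listed"  # newer than the stated range: check the vendor advisory


def triage(inventory: dict) -> dict:
    """Map {product: installed version} to {product: (cve, status)} for patch planning."""
    return {p: (ADVISORY[p]["cve"], status(p, v)) for p, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"Bitbucket": "8.12.0", "Confluence": "7.19.14",
              "Jira Service Management": "4.20.24", "Bamboo": "9.3.0"}
    for product, (cve, state) in triage(sample).items():
        print(f"{product:24} {sample[product]:>8}  {cve}  {state}")
```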