8
Dec
2023
RCE Vulnerabilities Identified in Multiple Atlassian Products
Atlassian has announced four critical vulnerabilities impacting the products listed below. All four vulnerabilities carry a critical CVSS score of 9.0 or higher. Atlassian advises that customers must take immediate action to protect their instances.
Please carefully review all of the Critical Security Advisories impacting your Atlassian product(s) to verify affected versions and instructions.
CVE-2022-1471 - SnakeYAML library RCE Vulnerability Impacts Multiple Products
- Automation for Jira (A4J) app (including Server Lite edition)
- Bitbucket Data Center and Server
- Confluence Cloud Migration App (CCMA)
- Confluence Data Center and Server
- Jira Core Data Center and Server
- Jira Service Management Data Center and Server
- Jira Software Data Center and Server
This RCE (Remote Code Execution) vulnerability affects all versions listed on this page.
Atlassian recommends patching to the latest version or a fixed LTS version.
CVE-2023-22522 - RCE Vulnerability in Confluence Data Center and Server
- Confluence Data Center and Server
This RCE (Remote Code Execution) vulnerability affects all versions including and after 4.0.0 of Confluence Data Center and Server. Atlassian recommends patching to the latest version or a fixed LTS version. See this page for full details.
CVE-2023-22524 - RCE Vulnerability in Atlassian Companion App for MacOS
- Confluence Data Center and Server (former and present customers)
This RCE vulnerability affects all versions of Atlassian Companion App for MacOS, up to but not including version 2.0.0. The Atlassian Companion App for MacOS will update automatically during runtime. Atlassian recommends that you confirm the version installed is version 2.0.0 or later. More information can be found on this page.
CVE-2023-22523 - RCE Vulnerability in Assets Discovery (stand-alone app)
- Jira Service Management Cloud
- Jira Service Management Data Center and Server
This vulnerability affects all versions prior to Assets Discovery 3.2.0-cloud / 6.2.0 data center and server. Atlassian recommends patching to the latest version.
Atlassian has provided guidance on what you need to do to mitigate the risk of this vulnerability here.
We recommend that you move promptly to address these vulnerabilities.
Our experts are also available to assist if you require help navigating these CVEs. If you would like our assistance, please contact our team.