Pierluigi Paganini December 06, 2023

Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products.

Atlassian released security patches to address four critical remote code execution vulnerabilities in its products.

Below is the list of vulnerabilities addressed by the vendor:

• CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products. Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE (Remote Code Execution).
• CVE-2023-22522 (CVSS score: 9.0) – RCE Vulnerability In Confluence Data Center and Confluence Server.
• CVE-2023-22523 (CVSS score: 9.8) – This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. See “What You Need To Do” for detailed instructions.
• CVE-2023-22524 (CVSS score: 9.6) – All versions of the Atlassian Companion App for MacOS up to but not including 2.0.0 are affected by a Remote Code Execution (RCE) vulnerability, CVE-2023-22524. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow the execution of code.

It’s unclear if the above issues are actively exploited in attacks in the wild.

At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker.

In early October, Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software.

The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later. A remote attacker can trigger the flaw in low-complexity attacks without any user interaction.

In July, Atlassian addressed three critical and high-severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful exploitation of the vulnerabilities could result in remote code execution on vulnerable systems.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)