CVE‑2023‑22523 & CVE‑2022‑1471: unable to find further information or when a patch is released

PNG Jira Lead
Contributor
December 5, 2023

Atlassian has today emailed us alerting us to the following:

Jira Service Management Cloud, Data Center and Server
• CVE‑2023‑22523 – RCE vulnerability in Assets Discovery app
• CVE‑2022‑1471 – SnakeYAML library RCE vulnerability impacts multiple products (Data Center and Server only)

Jira Software and Jira Core Data Center and Server, Automation for Jira apps
• CVE-2022-1471 – SnakeYAML library RCE vulnerability impacts multiple products

 

However, doing the following searches at jira.atlassian.com

text ~ CVE‑2023‑22523

found nothing

 

For the next CVE:

text ~ CVE‑2022‑1471

also found nothing

 

and doing a general internet search across atlassian.com:

site:atlassian.com CVE‑2023‑22523

found nothing,

and for:

site:atlassian.com CVE‑2022‑1471

only shows up:

Trivy vulnerabiltiy scan of atlassian/jira-softwar...

 

Where could I go next to find out what Jira versions are affected, please, and monitor for any patches to be released?


2 votes
Answer accepted
Ste Wright
Community Leader
December 5, 2023

Hi @PNG Jira Lead 

The email should have links to the relevant pages - see all the links and advisories on this page: https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html

Ste

PNG Jira Lead
Contributor
December 5, 2023

Yeah, the email had links; unfortunately they were broken. I replied back for updated links.

Thanks so much for the link you provided, I can see it references the two CVEs in question:

CVE-2023-22523 - RCE Vulnerability in Assets Discovery | Atlassian Support | Atlassian Documentation

and

CVE-2022-1471 - SnakeYAML library RCE Vulnerability In Multiple Products | Atlassian Support | Atlassian Documentation

That's very helpful, thank you @Ste Wright :)

Ste Wright
Community Leader
December 5, 2023

Hi @PNG Jira Lead 

I checked the email and the links are there - but they do link to redirects!

I've let Atlassian know also :)

Ste
