Hello community,
We have discovered four critical vulnerabilities impacting customers of the products listed below. All four vulnerabilities carry a critical CVSS score of 9.0 or higher, and customers must take immediate action to protect their instances.
Please carefully review all of the Critical Security Advisories impacting your Atlassian product(s) to verify affected versions and instructions.
CVE-2023-22524 - RCE Vulnerability in Atlassian Companion app for MacOS
Confluence Data Center and Server (former and present customers)
CVE-2023-22523 - RCE Vulnerability in Assets Discovery app
Jira Service Management Cloud
Jira Service Management Data Center and Server
CVE-2023-22522 - RCE Vulnerability in Confluence Data Center and Server
Confluence Data Center and Server
CVE-2022-1471 - SnakeYAML library RCE Vulnerability impacts Multiple Products
Bitbucket Data Center and Server
Confluence Data Center and Server
Confluence Cloud Migration Assistant (CCMA) app
Jira Core Data Center and Server
Jira Service Management Data Center and Server
Jira Software Data Center and Server
Automation for Jira (A4J) app (including Server Lite edition)
We found these vulnerabilities as part of an ongoing security review that we are conducting in addition to our continuous security assessments. Your security is our top priority, and we believe that acting proactively is the best approach to protecting your data.
Please follow the linked Critical Security Advisories for future updates.
If you have questions, please raise a support request via instructions included in the advisory.
Thank you,
Atlassian Trust team
This Trust and Community post is a cross-post of the approved post by Andy Heinzer: https://community.atlassian.com/t5/Announcement-articles/Action-Required-RCE-Vulnerabilities-Identified-in-Multiple/ba-p/2552220 |
Jodie Vlassis
Senior Trust & Security SME
Atlassian
Sydney, Australia
11 accepted answers
2 comments