Atlassian Releases Four Critical Patches to Prevent RCE
Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution.
- CVE-2022-1471 (CVSS score: 9.8) – A deserialization flaw in the SnakeYAML library for Java, which is used by several Atlassian Data Center and Server products; it can lead to remote code execution (RCE).
- CVE-2023-22522 (CVSS score: 9.0) – An RCE vulnerability in Confluence Data Center and Confluence Server.
- CVE-2023-22523 (CVSS score: 9.8) – A flaw in the communication between the Assets Discovery application and the Assets Discovery agent that enables an attacker to perform privileged RCE on machines with the Assets Discovery agent installed.
- CVE-2023-22524 (CVSS score: 9.6) – An RCE vulnerability affecting all versions of the Atlassian Companion App for MacOS up to version 2.0.0. Attackers could use WebSockets to bypass Atlassian Companion's blocklist and MacOS Gatekeeper, leading to code execution.
In late October 2023, Atlassian issued a warning about a critical security flaw, CVE-2023-22518 (CVSS score 9.1), impacting all versions of Confluence Data Center and Server. This improper authorization issue poses a significant risk of data loss if exploited by an unauthenticated attacker.
In early October, emergency security updates were released by Atlassian to address a critical zero-day vulnerability, CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. This privilege escalation vulnerability affects Confluence Data Center and Server versions 8.0.0 and later, allowing remote attackers to trigger the flaw in low-complexity attacks without user interaction.
In July, Atlassian tackled three critical and high-severity vulnerabilities affecting Confluence Server, Data Center, and Bamboo Data Center products. The successful exploitation of these vulnerabilities could result in remote code execution on vulnerable systems.
Exploit in the Wild
These vulnerabilities carry high CVSS scores, emphasizing their critical nature and the immediate need for patching. The most severe among them, CVE-2022-1471 in the SnakeYAML library, carries a CVSS score of 9.8. It is a deserialization flaw in a library used by multiple Atlassian products, and it can lead to remote code execution (RCE).
Proof-of-concept (PoC) exploit code for CVE-2022-1471 is publicly available on GitHub (Figure 1). Because the SnakeYAML library is shared by several Atlassian products, a single working exploit for CVE-2022-1471 can translate into RCE across all of them.
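The defensive side of the SnakeYAML flaw described above, as an added example that is not from Cyberint's post or from Atlassian's code: the pre-2.0 default `Yaml()` loader, which honours arbitrary global (`!!`) tags in the document, beside the `SafeConstructor` form that accepts only standard YAML types. It assumes SnakeYAML 1.33 or 2.x on the classpath; the class name, method names and both sample documents are constructed for illustration.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlConfigLoader {

    // Constructed sample input: an ordinary config document an application might read.
    static final String PLAIN_CONFIG =
        "name: demo-service\n" +
        "port: 8080\n";

    // Constructed sample input: the same data carrying a global (!!) tag.
    // A global tag asks the loader to instantiate the named Java class; with the
    // pre-2.0 default constructor this is the CVE-2022-1471 deserialization path.
    // A harmless class is used here; the point is that the tag is honoured at all.
    static final String TAGGED_CONFIG =
        "settings: !!java.util.HashMap\n" +
        "  name: demo-service\n" +
        "  port: 8080\n";

    // Vulnerable pattern (SnakeYAML < 2.0): Yaml() defaults to a constructor that
    // resolves any global tag to a class. Never use this on untrusted input.
    static Object loadUnsafely(String untrustedYaml) {
        return new Yaml().load(untrustedYaml);
    }

    // Hardened pattern: SafeConstructor knows only the standard YAML types
    // (map, seq, str, int, float, bool, null, ...) and rejects every other tag.
    static Object loadSafely(String untrustedYaml) {
        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
        return yaml.load(untrustedYaml);
    }

    public static void main(String[] args) {
        // Plain data loads as a Map of scalars.
        Map<?, ?> cfg = (Map<?, ?>) loadSafely(PLAIN_CONFIG);
        System.out.println("plain config loaded: " + cfg);

        // The tagged document is refused: SafeConstructor throws a
        // ConstructorException (a YAMLException) for the unknown tag.
        try {
            loadSafely(TAGGED_CONFIG);
            System.out.println("unexpected: tagged document was accepted");
        } catch (YAMLException e) {
            System.out.println("tagged document rejected: " + e.getMessage());
        }
    }
}
```

Upgrading to SnakeYAML 2.0 or later closes the default path as well, but code that explicitly builds a `Constructor` for untrusted input should still be reviewed.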
Affected Products
These vulnerabilities impact numerous Atlassian products and versions, including, but not limited to, Automation for Jira (A4J), Bitbucket Data Center and Server, Confluence Data Center and Server, and the Atlassian Companion App for MacOS. For a comprehensive list of the affected products, please consult the advisory.
Vulnerabilities
| Vulnerability | Affected Products |
|---|---|
| Remote Code Execution (CVE-2022-1471) | Automation for Jira (A4J) app (including Server Lite edition); Bitbucket Data Center and Server; Confluence Data Center and Server; Confluence Cloud Migration App (CCMA); Jira Core Data Center and Server; Jira Service Management Data Center and Server; Jira Software Data Center and Server |
| Remote Code Execution (CVE-2023-22522) | Confluence Data Center and Server |
| Remote Code Execution (CVE-2023-22524) | Confluence Data Center, Server, and Cloud |
| Remote Code Execution (CVE-2023-22523) | Jira Service Management Cloud, Data Center, and Server |
Recommendations
As Atlassian products have increasingly become attractive targets for cyber attacks in recent years, Atlassian strongly advises promptly updating installations of affected products to the latest or patched versions. There are no alternative mitigations available for these vulnerabilities, underscoring the critical need for timely software updates.
Atlassian has issued patches covering various product versions. For instance, updating Automation for Jira to version 9.0.2 or 8.2.4 is recommended, and for Confluence Data Center and Server, upgrading to version 7.19.17 (LTS) or 8.4.5 is advised.
Cyberint’s Threat Intelligence
Cyberint’s impactful intelligence solution fuses real-time threat intelligence with bespoke attack surface management, providing organizations with extensive integrated visibility into their external risk exposure. Leveraging autonomous discovery of all external-facing assets, coupled with open, deep & dark web intelligence, the solution allows cybersecurity teams to uncover their most relevant known and unknown digital risks – earlier. Global customers, including Fortune 500 leaders across all major market verticals, rely on Cyberint to prevent, detect, investigate, and remediate phishing, fraud, ransomware, brand abuse, data leaks, external vulnerabilities, and more, ensuring continuous external protection from cyber threats.