Atlassian released security patches for its Confluence Data Center and Bamboo Data Center. Two of the vulnerabilities, CVE-2023-22508 (Confluence 7.4.0) and CVE-2023-22505 (Confluence 8.0.0), could allow attackers to execute remote code with minimal user interaction.
Private users discovered both of the flaws and notified Atlassian through its bug bounty program. Atlassian patched both flaws in Confluence versions 8.3.2 and 8.4.0, and customers are urged to update their systems immediately. The company also patched CVE-2023-22506 (Bamboo 8.0.0) in versions 9.2.3 and 9.3.1 of the enterprise solution. This flaw also permitted authenticated attackers to inject and execute remote code with no user interaction. CISA warned that attackers can fully take over systems by exploiting outdated software with these vulnerabilities.