December 6, 2023 By Helga Labus
Atlassian has released security updates for four critical vulnerabilities (CVE-2022-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code.
About the vulnerabilities
CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote code execution (RCE).
It affects Automation for Jira app (including Server Lite edition), Bitbucket Data Center, Bitbucket Server, Confluence Data Center, Confluence Server, Confluence Cloud, Migration App, Jira Core Data Center, Jira Core Server, Jira Service Management Data Center, Jira Service Management Server, Jira Software Data Center and Jira Software Server.
The other three vulnerabilities also allow RCE and affect the following products:
- CVE-2023-22522 – Confluence Data Center and Server
- CVE-2023-22524 – Confluence Data Center, Server, and Cloud
- CVE-2023-22523 – Jira Service Management Cloud, Data Center, and Server