[German]Another addendum from July 18, 2023 – that's when vendor Atlassian released its security bulletin for July 2023. Vulnerabilities in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506) have become public. An attacker can exploit these vulnerabilities to take control of an affected system.
Advertising
US-CISA has warned about these vulnerabilities as early as July 21, 2023 and urges patching.
Atlassian has released its Security Bulletin for July 2023 to address vulnerabilities in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506). An attacker can exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Atlassian's July 2023 Security Bulletin and apply the necessary updates.
The security alert includes the following products and vulnerabilities:
- CVE-2023-22505: RCE (Remote Code Execution) in Confluence Data Center & Server; High, CVSS Score 8, View Ticket
- CVE-2023-22508; RCE (Remote Code Execution) in Confluence Data Center & Server; High; CVSS Score 8.5, View Ticket
- CVE-2023-22506: Injection, RCE (Remote Code Execution) in Bamboo; High; CVSS Score 7.5, View Ticket
Details about the affected software versions and about the updates can be found in the linked tickets. (via)
Advertising
