{"id":31117,"date":"2023-07-26T00:31:00","date_gmt":"2023-07-25T22:31:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=31117"},"modified":"2023-07-26T00:31:00","modified_gmt":"2023-07-25T22:31:00","slug":"atlassian-updates-confluence-and-bambo-due-to-critical-vulnerabilities","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/07\/26\/atlassian-updates-confluence-and-bambo-due-to-critical-vulnerabilities\/","title":{"rendered":"Atlassian updates Confluence and Bambo due to critical vulnerabilities"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/07\/25\/atlassian-aktualisiert-confluence-und-bambo-wegen-kritischer-schwachstellen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Another addendum from July 18, 2023 &#8211; that's when vendor Atlassian released its security bulletin for July 2023. Vulnerabilities in Confluence Data Center &amp; Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506) have become public. An attacker can exploit these vulnerabilities to take control of an affected system.<\/p>\n<p><!--more--><\/p>\n<p>US-CISA has <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/07\/21\/atlassian-releases-security-updates\" target=\"_blank\" rel=\"noopener\">warned<\/a> about these vulnerabilities as early as July 21, 2023 and urges patching.<\/p>\n<blockquote><p>Atlassian has released its Security Bulletin for <a href=\"https:\/\/confluence.atlassian.com\/security\/security-bulletin-july-18-2023-1251417643.html\" target=\"_blank\" rel=\"noopener\">July 2023<\/a> to address vulnerabilities in Confluence Data Center &amp; Server (<a href=\"https:\/\/jira.atlassian.com\/browse\/CONFSERVER-88265\" target=\"_blank\" rel=\"noopener\">CVE-2023-22505<\/a> and <a href=\"https:\/\/jira.atlassian.com\/browse\/CONFSERVER-88221\" target=\"_blank\" rel=\"noopener\">CVE-2023-22508<\/a>) and Bamboo Data Center (<a href=\"https:\/\/jira.atlassian.com\/browse\/BAM-22400\" target=\"_blank\" rel=\"noopener\">CVE-2023-22506<\/a>). An attacker can exploit these vulnerabilities to take control of an affected system.<\/p>\n<p>CISA encourages users and administrators to review Atlassian's <a href=\"https:\/\/confluence.atlassian.com\/security\/security-bulletin-july-18-2023-1251417643.html\" target=\"_blank\" rel=\"noopener\">July 2023 Security Bulletin<\/a> and apply the necessary updates.<\/p><\/blockquote>\n<p>The security alert includes the following products and vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-22505\" target=\"_blank\" rel=\"noopener\">CVE-2023-22505<\/a>: RCE (Remote Code Execution) in Confluence Data Center &amp; Server; High, CVSS Score 8, <a href=\"https:\/\/jira.atlassian.com\/browse\/CONFSERVER-88265\" target=\"_blank\" rel=\"noopener\">View Ticket<\/a><\/li>\n<li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-22508\" target=\"_blank\" rel=\"noopener\">CVE-2023-22508<\/a>; RCE (Remote Code Execution) in Confluence Data Center &amp; Server; High; CVSS Score 8.5, <a href=\"https:\/\/jira.atlassian.com\/browse\/CONFSERVER-88221\" target=\"_blank\" rel=\"noopener\">View Ticket<\/a><\/li>\n<li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-22506\" target=\"_blank\" rel=\"noopener\">CVE-2023-22506<\/a>: Injection, RCE (Remote Code Execution) in Bamboo; High; CVSS Score 7.5, <a href=\"https:\/\/jira.atlassian.com\/browse\/BAM-22400\" target=\"_blank\" rel=\"noopener\">View Ticket<\/a><\/li>\n<\/ul>\n<p>Details about the affected software versions and about the updates can be found in the linked tickets. (<a href=\"https:\/\/thehackernews.com\/2023\/07\/atlassian-releases-patches-for-critical.html\" target=\"_blank\" rel=\"noopener\">via<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Another addendum from July 18, 2023 &#8211; that's when vendor Atlassian released its security bulletin for July 2023. Vulnerabilities in Confluence Data Center &amp; Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506) have become public. An attacker can exploit &hellip; <a href=\"https:\/\/borncity.com\/win\/2023\/07\/26\/atlassian-updates-confluence-and-bambo-due-to-critical-vulnerabilities\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-31117","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/31117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=31117"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/31117\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=31117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=31117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=31117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}