Atlassian Patches Remote Code Execution Vulnerabilities in Confluence and Bamboo (CVE-2023-22505, CVE-2023-22506, & CVE-2023-22508)

Atlassian Confluence Server & Data Center and Bamboo Data Center are affected by high-severity vulnerabilities: CVE-2023-22505, CVE-2023-22506, and CVE-2023-22508. Successful exploitation may allow attackers to perform remote code execution.

Anonymous researchers have discovered and reported these vulnerabilities to Atlassian via their Bug Bounty and Penetration Testing programs.

In February 2023, Atlassian addressed a critical severity broken authentication vulnerability in Jira Service Management Server and Data Center (CVE-2023-22501).

Confluence Data Center is a self-managed solution that provides extra configuration choices to satisfy the most demanding teams’ collaboration requirements.

Bamboo Data Center provides the deployment flexibility and administrative control required to manage mission-critical Bamboo sites.

CVE-2023-22505 & CVE-2023-22508: Confluence Data Center & Server Remote Code Execution Vulnerability

CVE-2023-22505 exists in Confluence Data Center & Server version 8.0.0, while CVE-2023-22508 exists in version 7.4.0.

Both vulnerabilities can be exploited without user interaction, allowing an authenticated attacker to execute arbitrary code. Exploitation of either vulnerability has a high impact on confidentiality, integrity, and availability.

CVE-2023-22506: Bamboo Data Center Injection and Remote Code Execution Vulnerability

This injection and remote code execution vulnerability is rated high, with a CVSS score of 7.5. The exploitation of the vulnerability requires no user interaction. Successful exploitation of the vulnerability allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code. The vulnerability significantly impacts confidentiality, integrity, and availability.

Affected Versions

  • Bamboo Data Center version 8.0.0
  • Confluence Data Center & Server versions 7.4.0 and 8.0.0

Mitigation

Customers should update to the following fixed versions:

  • Bamboo Data Center 9.2.3 and 9.3.1
  • Confluence Data Center and Server 8.3.2 and 8.4.0
  • Confluence Data Center and Server 7.19.8 and 8.2.0

Qualys Detection

Qualys customers can scan their devices with QIDs 730847, 730848, and 730852 to detect vulnerable assets.

Continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.  

References
https://jira.atlassian.com/browse/BAM-22400
https://jira.atlassian.com/browse/CONFSERVER-88221
https://jira.atlassian.com/browse/CONFSERVER-88265 
https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
