Skip to content

2024-009: Critical and High Vulnerabilities in Atlassian Products

Table of Contents

On January 16, 2024, Atlassian released a security advisory addressing a critical vulnerability in Confluence Data Center and Confluence Server that, if exploited, could lead to Remote Code Execution (RCE) on the affected server.
The editor also released a security advisory addressing 28 high-severity vulnerabilities which have been fixed in new versions of Atlassian products.


Technical Blog

Security Advisory: Critical Vulnerability in Atlassian Products

History

17/01/2024 --- v1.0 -- Initial publication

Summary

On January 16, 2024, Atlassian released a security advisory addressing a critical vulnerability in Confluence Data Center and Confluence Server that, if exploited, could lead to Remote Code Execution (RCE) on the affected server.

The editor also released a security advisory addressing 28 high-severity vulnerabilities which have been fixed in new versions of Atlassian products.

Technical Details

The critical vulnerability CVE-2023-22527, with a CVSS score of 10, is due to a template injection vulnerability on out-of-date versions of Confluence Data Center and Server that allows an unauthenticated attacker to achieve RCE on an affected version.

Among the other 28 vulnerabilities, 6 of them could lead to Remote Code Execution on several Atlassian products.

Affected Products

The vulnerability CVE-2023-22527 affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 (i.e., Confluence Data Center and Server versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3), as well as 8.4.5 which no longer receives backported fixes in accordance with Atlassian's Security Bug Fix Policy.

The other 28 vulnerabilities affect various Atlassian products including Bitbucket, Bamboo, Jira, Jira Service Management, Crowd, Confluence Data Center, and Confluence Server.

Recommendations

CERT-EU strongly recommends installing the latest version of Atlassian products as soon as possible.

References


```htmlMITRE ATT&CK Matrix Advisory - Atlassian Critical Vulnerabilities

MITRE ATT&CK Matrix - Atlassian Critical Vulnerabilities

Enterprise Layer

Technique Tactic Sub-techniques Potential Attack Groups Mitigation
T1190 - Exploit Public-Facing Application Initial Access N/A N/A Apply the latest security updates for Atlassian products
T1505 - Server Software Component Persistence, Privilege Escalation T1505.003 - Web Shell N/A Monitor and audit web server logs
T1068 - Exploitation for Privilege Escalation Privilege Escalation N/A N/A Regularly patch and update software
T1105 - Ingress Tool Transfer Command and Control N/A N/A Restrict file downloads from unknown sources
T1203 - Exploitation for Client Execution Execution N/A N/A Ensure Web Application Firewall (WAF) is configured properly

Mobile Layer

As the vulnerabilities are associated with server applications, no specific techniques from the MITRE ATT&CK Mobile Layer are identified for this advisory.

ICS Layer

Since the Atlassian products mentioned do not directly pertain to ICS (Industrial Control Systems), relevant techniques from the MITRE ATT&CK ICS Layer are currently not applicable.

Recommendations

CERT-EU strongly recommends:

  • Installing the latest version of Atlassian products as soon as possible.
  • Continuously monitoring for abnormal behavior and potential intrusions.
  • Regularly updating and patching systems to remediate known vulnerabilities.

References

```


This post was generated entirely by an AI language model. Source: CERT EU

Latest