Atlassian releases security patches for zero-day vulnerabilities

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Atlassian has released security patches for security flaws tracked as:

  • CVE-2023-22505 (CVSSv3 score: 8.0) – RCE (Remote Code Execution) in Confluence Data Centre and Server
  • CVE-2023-22508 (CVSSv3 score: 8.5) – RCE (Remote Code Execution) in Confluence Data Centre and Server
  • CVE-2023-22506 (CVSSv3 score: 7.5) – Injection, RCE (Remote Code Execution) in Bamboo

Impact

  • Successful exploitation of CVE-2023-22505 and CVE-2023-22508 allows an authenticated threat actor to execute arbitrary code, with a high impact on the confidentiality, integrity and availability of data.
  • Successful exploitation of CVE-2023-22506 allows an authenticated threat actor to modify the actions taken by a system call and execute arbitrary code, with a high impact on the confidentiality, integrity and availability of data.

Vulnerability Detection

Atlassian has released security patches for these vulnerabilities. As such, previous versions are vulnerable to potential exploitation.

Affected Products

  • CVE-2023-22505 and CVE-2023-22508:
      • Atlassian Confluence Server
      • Atlassian Data Centre
  • CVE-2023-22506:
      • Atlassian Bamboo Data Centre

Containment, Mitigations & Remediations

It is strongly recommended that users of the affected product versions apply the relevant security patches as soon as possible:

  • CVE-2023-22505: Remediated in Confluence Server versions 8.3.2 and 8.4.0
  • CVE-2023-22508: Remediated in Data Centre versions 7.19.8 and 8.2.0
  • CVE-2023-22506: Remediated in Bamboo versions 9.2.3 and 9.3.1
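
The fixed releases above can be checked against an asset inventory. The script below is an added example, not part of the original bulletin or of any Atlassian tooling. It assumes each listed release fixes its own major.minor branch and that anything at or above the highest listed release carries the fix; every other version is marked "review" rather than "vulnerable", because the bulletin does not state affected ranges. The inventory is constructed sample data.

```python
import re

# Fixed releases copied from the bulletin. Both Confluence CVEs are
# checked against one Confluence version number (assumption).
FIXED = {
    "confluence": {
        "CVE-2023-22505": ["8.3.2", "8.4.0"],
        "CVE-2023-22508": ["7.19.8", "8.2.0"],
    },
    "bamboo": {
        "CVE-2023-22506": ["9.2.3", "9.3.1"],
    },
}

def parse(version):
    """Turn '8.3.2' or '8.4' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p or 0) for p in m.groups())

def is_patched(installed, fixed_releases):
    """True if installed is at/above the newest fix, or at/above the
    fix listed for its own major.minor branch (assumed rule)."""
    v = parse(installed)
    fixed = sorted(parse(f) for f in fixed_releases)
    if v >= fixed[-1]:
        return True
    return any(v[:2] == f[:2] and v >= f for f in fixed)

def triage(product, installed):
    """Map each CVE listed for the product to 'patched' or 'review'."""
    return {
        cve: "patched" if is_patched(installed, releases) else "review"
        for cve, releases in FIXED[product.lower()].items()
    }

# Constructed sample inventory: (product, installed version).
INVENTORY = [
    ("confluence", "8.2.0"),
    ("confluence", "8.3.2"),
    ("confluence", "7.19.7"),
    ("bamboo", "9.3.0"),
]

if __name__ == "__main__":
    for product, version in INVENTORY:
        print(f"{product} {version}: {triage(product, version)}")
```

A "review" result means the version is below the fixed releases listed here and should be checked against the Atlassian Security Advisory for the affected range.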

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Atlassian holds a significant share of the team-collaboration market. Given that threat actors generally use a combination of probability and asset value to determine which attack surfaces to focus on, Atlassian products could emerge as a prime target. Because Atlassian products have become integral to business operations, threat actors will continue to exploit vulnerabilities in them in an attempt to exfiltrate the sensitive data they contain.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Tactic

TA0002 – Execution

Further Information

Atlassian Security Advisory
