Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution.
The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes –
- CVE-2022-25647 (CVSS score: 7.5) – A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server
- CVE-2023-22512 (CVSS score: 7.5) – A DoS flaw in Confluence Data Center and Server
- CVE-2023-22513 (CVSS score: 8.5) – An RCE flaw in Bitbucket Data Center and Server
- CVE-2023-28709 (CVSS score: 7.5) – A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server
The flaws have been addressed in the following versions –
- Jira Service Management Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0, or later)
- Confluence Server and Data Center (versions 7.19.13, 7.19.14, 8.5.1, 8.6.0, or later)
- Bitbucket Server and Data Center (versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0, or later)
- Bamboo Server and Data Center (versions 9.2.4, 9.3.1, or later)
Two High-Severity Flaws in BIND Fixed
In a related development, ISC has released fixes for two high-severity bugs affecting the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could pave the way for a DoS condition –
- CVE-2023-3341 (CVSS score: 7.5) – A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (fixed in versions 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
- CVE-2023-4236 (CVSS score: 7.5) – The named service may terminate unexpectedly under high DNS-over-TLS query load (fixed in versions 9.18.19 and 9.18.19-S1)
The latest patches arrive three months after ISC rolled out fixes for three other flaws in the software (CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, CVSS scores: 7.5) that could result in a DoS condition.