Friday , December 27 2024
Atlassian

Atlassian released advisory for CVE-2023-22527

infosecbulletin Tuesday , January 16 2024 Vulnerabilities

Tuesday (16 January) Atlassian released advisory for CVE-2023-22527 – RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server.

A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version. Customers using an affected version must take immediate action.

Hacker reportedly leak Indonesia Gov.t 82 GB data

By infosecbulletin / Thursday , December 26 2024
Hackers claimed to have accessed and stolen 82 GB of sensitive data from Indonesia's Regional Financial Management Information System (SIPKD)....
Read More
Hacker reportedly leak Indonesia Gov.t 82 GB data

BCSI officially announce National Vulnerability Disclosure Program (NVDP)

By infosecbulletin / Wednesday , December 25 2024
Bangladesh Cyber Security Intelligence (BCSI) officially launch the National Vulnerability Disclosure Program (NVDP) to enhance the country's cybersecurity. This initiative...
Read More
BCSI officially announce National Vulnerability Disclosure Program (NVDP)

CVE-2024-9474
Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls

By infosecbulletin / Wednesday , December 25 2024
Northwave Cyber Security has found a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls. Northwave researcher claimed the backdoor was...
Read More
CVE-2024-9474 Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls

New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs

By infosecbulletin / Tuesday , December 24 2024
A newly discovered vulnerability called "G-Door" enables malicious actors to bypass Microsoft 365 security by exploiting unmanaged Google Docs accounts....
Read More
New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs

CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available

By infosecbulletin / Tuesday , December 24 2024
Adobe has issued urgent security updates for ColdFusion versions 2023 and 2021 to fix a critical vulnerability (CVE-2024-53961). This flaw...
Read More
CVE-2024-53961 Adobe alerts of critical ColdFusion bug with PoC exploit available

Splunk targets Bangladeshi market: Investing in local talent

By infosecbulletin / Monday , December 23 2024
Splunk, a unified security and observability platform turn its focuses on Bangladeshi market. On Monday (23 December) Splunk's local partner...
Read More
Splunk targets Bangladeshi market: Investing in local talent

Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

By infosecbulletin / Sunday , December 22 2024
A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code...
Read More
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

By infosecbulletin / Sunday , December 22 2024
Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65...
Read More
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Eight New ICS Advisories released by CISA

By infosecbulletin / Saturday , December 21 2024
CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
Eight New ICS Advisories released by CISA

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

By infosecbulletin / Friday , December 20 2024
Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
Authority Denies Hacker claim ransomware attack on Indonesia’s state bank BRI

Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Affected Versions:

This RCE (Remote Code Execution) vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 as well as 8.4.5 which no longer receives backported fixes in accordance with our Security Bug Fix Policy. Atlassian recommends patching to the latest version.

Source: Atlassian

What You Need To Do:

Immediately patch to the latest version

If you are on an out-of-date version, you must immediately patch. Atlassian recommends that you patch each of your affected installations to the latest version available. The listed Fixed Versions are no longer the most up-to-date and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian’s January Security Bulletin.

Source: Atlassian

Mitigations:
There are no known workarounds. To remediate this vulnerability, update each affected product installation to the latest version.

Check Also

advisories

Eight New ICS Advisories released by CISA

CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin