iTnews Asia
  • Home
  • News
  • Security

Atlassian issues urgent Confluence patch

Atlassian issues urgent Confluence patch

Template injection RCE fixed.

By Richard Chirgwin on Jan 17, 2024 11:04AM

Atlassian is warning users of out-of-date Confluence data centre and server environments that they need to update to a current version to patch a critical-rated vulnerability.

CVE-2023-22527 carries a CVSS score of 10 and is a template injection vulnerability that gives an unauthenticated attacker remote code execution (RCE) capability.

Recent supported versions are not affected, because the vulnerability was “ultimately mitigated during regular updates.”

Affected versions were released before December 5, 2023, and include 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3.

The bug is fixed in Confluence data centre and server version 8.5.5 (LTS); and in Confluence data centre 8.7.2.

The company yesterday also released a security bulletin covering 28 high-rated vulnerabilities.

The fixes patch 14 denial-of-service bugs in the data centre and server versions of Bitbucket and Bamboo; information disclosure vulnerabilities in Crowd and Bamboo; six RCEs in Bamboo and Confluence; request smuggling vulnerabilities in Apache components used in Bitbucket, Bamboo, Crowd and Jira software; a server-side request forgery vulnerability in Jira service management; and an XML external entity injection bug in Jira software.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
atlassian confluence rce security

Related Articles

  • How can the Agentic AI workspace remain secure for APAC organisations?
  • AI-fuelled attacks forcing enterprises to rethink security architecture
  • Malicious AI agents can severely disrupt APAC enterprises
  • A data-first AI strategy is critical to managing security threats in 2026
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

How can the Agentic AI workspace remain secure for APAC organisations?

How can the Agentic AI workspace remain secure for APAC organisations?

AI-fuelled attacks forcing enterprises to rethink security architecture

AI-fuelled attacks forcing enterprises to rethink security architecture

Malicious AI agents can severely disrupt APAC enterprises

Malicious AI agents can severely disrupt APAC enterprises

How severe will ransomware attacks become in 2026?

How severe will ransomware attacks become in 2026?

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.