Security News > 2023 > December > Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
2023-12-06 09:18
Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 (CVSS score: 9.8) - Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple products CVE-2023-22522 (CVSS score
News URL
https://thehackernews.com/2023/12/atlassian-releases-critical-software.html
Related news
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk (source)
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)
- Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution (source)
- That doomsday critical Linux bug: It's CUPS. Could lead to remote hijacking of devices (source)
- That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices (source)
- CUPS flaws enable Linux remote code execution, but there’s a catch (source)
- Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-22522 | Injection vulnerability in Atlassian Confluence Server This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. | 8.8 |
| 2022-12-01 | CVE-2022-1471 | Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. | 9.8 |