Security News > 2023 > December > Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
2023-12-06 09:18

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 (CVSS score: 9.8) - Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple products CVE-2023-22522 (CVSS score


News URL

https://thehackernews.com/2023/12/atlassian-releases-critical-software.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-22522 Injection vulnerability in Atlassian Confluence Server
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page.
network
low complexity
atlassian CWE-74
8.8
2022-12-01 CVE-2022-1471 Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution.
network
low complexity
snakeyaml-project CWE-502
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412