Atlassian security advisory reveals four fresh critical flaws – in mail with dead links
Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own - the links it contained weren't live for all readers at the time of despatch.
The email, seen by The Register, warns of flaws rated 9.0 or higher on the Common Vulnerability Scoring System scale and offers a link to an advisory.
Nor did links to the four CVEs the email mentions reach the correct page for around an hour - all produced a Page Not Found error and a suggestion that the page may have been renamed with another URL that does carry the correct information.
Atlassian told us "There was a small error where emails went out to some customers with broken links. As soon as we realized we put a workaround in place so customers were redirected to the appropriate pages. We apologize to our customers for any frustration caused with our mistake."
While the links were dead, Atlassian did manage to publish info about the four fresh problems here.
Atlassian's emailed advisory urges "You must take immediate action to protect your instance." The Register imagines that was a hard instruction to follow, given the dud links the email contained for some customers.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/06/atlassian_four_rce_cves/