Atlassian Patches Critical Vulnerabilities in Confluence, Crowd

Summary: Atlassian has announced the release of patches addressing 12 critical and high-severity vulnerabilities across several products, including Bamboo, Bitbucket, Confluence, Crowd, and Jira. The most severe issues involve remote code execution and authentication bypass vulnerabilities in Confluence and Crowd, both stemming from Apache Tomcat. Users are urged to update their systems immediately to avoid potential exploitation.

Affected: Atlassian products (Bamboo, Bitbucket, Confluence, Crowd, Jira)

Key points:

  • Five critical vulnerabilities fixed in Confluence Data Center and Server, and Crowd Data Center and Server.
  • Two critical flaws in Apache Tomcat carry a CVSS score of 9.8 and allow unauthenticated attackers to execute code remotely.
  • Updates also address high-severity DoS vulnerabilities in Bamboo, Bitbucket, and Jira.
  • Atlassian advises customers to patch their systems to the latest or fixed versions to mitigate vulnerabilities.

Source: https://www.securityweek.com/atlassian-patches-critical-vulnerabilities-in-confluence-crowd/