Atlassian RCE Bugs Plague Confluence, Bamboo

The security vulnerabilities allow full takeover of Atlassian instances, so admins should patch now.

Dark Reading Staff, Dark Reading

July 24, 2023

1 Min Read
A photo of a computer screen with Atlassian logo
Source: Sharaf Maksumov via Shutterstock

Three just-disclosed remote code execution (RCE) security vulnerabilities open up Atlassian Confluence Data Center & Server, and Bamboo, to system takeover, the software company is warning.

Confluence is a popular Web-based corporate wiki used for collaboration in cloud and hybrid server environments that allows one-click connections to a variety of different databases. More than 60,000 customers use Confluence, including LinkedIn, NASA, and the New York Times.

Bamboo, meanwhile, is a continuous integration (CI) and continuous delivery (CD) server for software development that provides automated building and testing of software source-code status.

Successful exploitation of any of the flaws could offer a wide-open door into users' cloud infrastructure, software supply chain, and more. While threat actors need to be authenticated to be successful, no user interaction is required to exploit the bugs.

In Confluence, the vulnerabilities are tracked as CVE-2023-22505 (CVSS 8.5) and CVE-2023-22508 (CVSS 8.0). Both were patched in Confluence versions 8.3.2 and 8.4.0.

"This injection and RCE vulnerability allow an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability,” Atlassian noted in its security advisory on Confluence.

Meanwhile, the high-severity issue in the Bamboo Data Center (CVE-2023-22506, CVSS 7.5) was patched in versions 9.2.3 and 9.3.1.

"[An attacker can] modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability," according to Atlassian. 

Given the sensitive nature of Atlassian within corporate networks, the US Cybersecurity and Infrastructure Security Agency (CISA) is urging that users apply the patches to their Atlassian instances as soon as possible.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights