Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply the necessary updates or mitigations.
- CVE-2023-22522 – RCE Vulnerability In Confluence Data Center and Confluence Server
- CVE-2023-22524 – RCE Vulnerability in Atlassian Companion App for MacOS
- CVE-2023-22523 – RCE Vulnerability in Assets Discovery
- CVE-2022-1471 – SnakeYAML library RCE Vulnerability impacts Multiple Products