Security updates have been issued by Atlassian to address four high-severity bugs in its Bamboo, Bitbucket, Confluence, and Jira offerings, reports SecurityWeek.
While there has not been any reported exploitation of the vulnerabilities, threat actors could leverage the most severe issue, tracked as CVE-2023-22513, to enable remote command execution in Bitbucket without any interaction from targeted users. Attackers could also abuse a Confluence denial-of-service flaw, tracked as CVE-2023-22512, to facilitate temporary or indefinite service disruption among network-connected hosts.
On the other hand, exploitation of a Bamboo bug within Apache Tomcat, tracked as CVE-2023-28709, and a Jira flaw, tracked as CVE-2022-25647, could both result in the exposure of vulnerable assets.
"The vulnerabilities reported in this security bulletin include 4 high-severity vulnerabilities which have been fixed in new versions of our products, released in the last month. These vulnerabilities are discovered via our Bug Bounty program and pen-testing processes, as well as third-party library scans," said Atlassian.