More than two dozen security bugs have been collectively fixed by Splunk and Atlassian across their respective products, according to SecurityWeek.
Splunk has issued updates addressing over 15 vulnerabilities in its products and third-party dependencies. The most serious is a high-severity deserialization of untrusted data bug in Secure Gateway, tracked as CVE-2024-53247. The issue stems from insecure use of the Jsonpickle Python library and could be leveraged to achieve remote code execution, Splunk noted. Aside from patching more than 12 high- and medium-severity issues across a dozen Splunk Enterprise third-party dependencies, the firm has also addressed a trio of Splunk Enterprise and Splunk Cloud Platform flaws. Meanwhile, Atlassian has patched 10 high-severity issues affecting Bitbucket Data Center and Server, Bamboo Data Center and Server, and Confluence Data Center and Server. Immediate remediation of the patched flaws has been recommended despite the lack of evidence suggesting active exploitation.