Security Advisory: Critical Vulnerability in Atlassian Products
History
17/01/2024 --- v1.0 -- Initial publication
Summary
On January 16, 2024, Atlassian released a security advisory addressing a critical vulnerability in Confluence Data Center and Confluence Server that, if exploited, could lead to Remote Code Execution (RCE) on the affected server.
The vendor also released a security advisory addressing 28 high-severity vulnerabilities, which have been fixed in new versions of Atlassian products.
Technical Details
The critical vulnerability CVE-2023-22527, with a CVSS score of 10, is a template injection vulnerability in out-of-date versions of Confluence Data Center and Server that allows an unauthenticated attacker to achieve RCE on an affected instance.
Of the other 28 vulnerabilities, 6 could lead to Remote Code Execution in several Atlassian products.
Affected Products
The vulnerability CVE-2023-22527 affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 (i.e., Confluence Data Center and Server versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3), as well as 8.4.5, which no longer receives backported fixes in accordance with Atlassian's Security Bug Fix Policy.
The other 28 vulnerabilities affect various Atlassian products including Bitbucket, Bamboo, Jira, Jira Service Management, Crowd, Confluence Data Center, and Confluence Server.
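For inventory triage, the version ranges listed above for CVE-2023-22527 can be checked mechanically. The following is an added example, not part of the original advisory or any Atlassian tooling; the host names and inventory are constructed, and a version outside the listed ranges is reported as "not_listed", which is not a statement that it is safe.

```python
import re

# Accepts "8.5.3", "8.5", and builds with a suffix such as "8.5.3-m01".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:[-.][0-9A-Za-z.]+)?\s*$")


def parse_version(text):
    """Return (major, minor, patch). A missing patch level is read as 0,
    so an imprecise "8.5" is flagged for review instead of being skipped."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_listed_affected(text):
    """True if the version falls in the ranges the advisory lists:
    8.0.x-8.4.x (any patch level, including 8.4.5) and 8.5.0-8.5.3."""
    major, minor, patch = parse_version(text)
    if major != 8:
        return False  # the advisory text only lists 8.x versions
    if minor <= 4:
        return True
    return minor == 5 and patch <= 3


def triage(inventory):
    """Group hosts from a {host: version} mapping by triage result."""
    report = {"affected": [], "not_listed": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            key = "affected" if is_listed_affected(version) else "not_listed"
        except ValueError:
            key = "unparsed"  # needs a manual check, never assume safe
        report[key].append(host)
    return report


# Constructed sample inventory (host names are placeholders).
SAMPLE_INVENTORY = {
    "wiki-a.example": "8.4.5",
    "wiki-b.example": "8.5.3",
    "wiki-c.example": "8.5.4",
    "wiki-d.example": "8.7.1",
    "wiki-e.example": "unknown",
}

if __name__ == "__main__":
    for group, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{group}: {', '.join(hosts) or '-'}")
```

Hosts in the "unparsed" group should be checked by hand.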
Recommendations
CERT-EU strongly recommends installing the latest version of Atlassian products as soon as possible.
References
- CVE-2023-22527 RCE Remote Code Execution Vulnerability in Confluence Data Center and Confluence Server
- Security Bulletin - January 16, 2024
MITRE ATT&CK Matrix - Atlassian Critical Vulnerabilities
Enterprise Layer
| Technique | Tactic | Sub-techniques | Potential Attack Groups | Mitigation |
|---|---|---|---|---|
| T1190 - Exploit Public-Facing Application | Initial Access | N/A | N/A | Apply the latest security updates for Atlassian products |
| T1505 - Server Software Component | Persistence, Privilege Escalation | T1505.003 - Web Shell | N/A | Monitor and audit web server logs |
| T1068 - Exploitation for Privilege Escalation | Privilege Escalation | N/A | N/A | Regularly patch and update software |
| T1105 - Ingress Tool Transfer | Command and Control | N/A | N/A | Restrict file downloads from unknown sources |
| T1203 - Exploitation for Client Execution | Execution | N/A | N/A | Ensure Web Application Firewall (WAF) is configured properly |
Mobile Layer
As the vulnerabilities are associated with server applications, no specific techniques from the MITRE ATT&CK Mobile Layer are identified for this advisory.
ICS Layer
Since the Atlassian products mentioned do not directly pertain to ICS (Industrial Control Systems), relevant techniques from the MITRE ATT&CK ICS Layer are currently not applicable.
Recommendations
CERT-EU strongly recommends:
- Installing the latest version of Atlassian products as soon as possible.
- Continuously monitoring for abnormal behavior and potential intrusions.
- Regularly updating and patching systems to remediate known vulnerabilities.
This post was generated entirely by an AI language model. Source: CERT EU