Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote code execution (RCE). It affects Automation for Jira app (including Server Lite edition), Bitbucket Data Center, Bitbucket Server, Confluence Data Center, Confluence Server, Confluence Cloud, Migration App, Jira Core Data Center, … More
The post Atlassian fixes four critical RCE vulnerabilities, patch quickly! appeared first on Help Net Security.