VDB
CVE-2023-22524
CVE-2023-22524
PUBLISHED
In Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software existieren mehrere Schwachstellen aufgrund von Fehlern in der SnakeYAML-Komponente, Fehlern bei der Prüfung von Eingaben, einem Fehler in der Companion-App sowie einem Fehler im Assets Discovery Agent zurückzuführen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen.
EPSS 32.02% · 96.9th percentile
Risk Scores
EPSS Score
32.02%
96.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Atlassian Confluence Data Center | |
| Atlassian | Atlassian Confluence < 8.6.2 | |
| Atlassian | Atlassian Jira Software Core Data Center | |
| Atlassian | Atlassian Jira Software < 9.4.13 | |
| Atlassian | Atlassian Confluence < 8.5.4 | |
| Atlassian | Atlassian Confluence < 8.3.4 | |
| Atlassian | Atlassian Bitbucket < 8.13.3 | |
| Atlassian | Atlassian Jira Software Core Server | |
| Atlassian | Atlassian Bitbucket < 8.12.4 | |
| Atlassian | Atlassian Confluence < 8.4.5 | |
| Atlassian | Atlassian Confluence < 8.7.1 | |
| Atlassian | Atlassian Bamboo < 9.2.7 | |
| Atlassian | Atlassian Bitbucket < 8.14.2 | |
| Atlassian | Atlassian Bitbucket < 8.11.6 | |
| Atlassian | Atlassian Confluence < 7.19.17 | |
| Atlassian | Atlassian Jira Software Management Cloud | |
| Atlassian | Atlassian Jira Software Service Management < 4.20.28 | |
| Atlassian | Atlassian Bitbucket Server | |
| Atlassian | Atlassian Bamboo < 9.3.5 | |
| Atlassian | Atlassian Jira Software Software Data Center |
…and 9 more
Exploit Intelligence
- Atlassian Companion RCE Vulnerability Proof of Concept (github-poc)
- Atlassian Companion RCE Vulnerability Proof of Concept (github-poc)
- Atlassian Companion RCE Vulnerability Proof of Concept (github-poc)
- Atlassian Companion RCE Vulnerability Proof of Concept (github-poc)
- Atlassian Companion RCE Vulnerability Proof of Concept (github-poc)
- Atlassian Companion RCE Vulnerability Proof of Concept (github-poc)
- imperva/CVE-2023-22524 (github-poc)
- imperva/CVE-2023-22524 (github-poc)
- imperva/CVE-2023-22524 (github-poc)
- imperva/CVE-2023-22524 (github-poc)
…and 7 more exploits
Timeline
- Dec 5, 2023 CVE Published
- Dec 6, 2023 EPSS Score
- Dec 17, 2023 CVE Updated
- Jan 5, 2024 EPSS Score
- Jan 30, 2024 PoC Published
- Mar 4, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- May 31, 2024 EPSS Score
- Jun 30, 2024 EPSS Score
- Aug 28, 2024 EPSS Score
- Sep 26, 2024 EPSS Score
- Nov 24, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3063.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3063 advisory
- https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html advisory
- https://confluence.atlassian.com/security/cve-2023-22522-rce-vulnerability-in-confluence-data-center-and-confluence-server-1319570362.html advisory
- https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html advisory
- https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html advisory
- https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html advisory