VDB
WID-SEC-W-2023-2700
WID-SEC-W-2023-2700
PUBLISHED
CVSS 8.600000381469727 HIGH
Confluence ist eine kommerzielle Wiki-Software. Jira ist eine Webanwendung zur Softwareentwicklung. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Risk Scores
CVSS v4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian Bamboo < 9.3.1 Data Center and Server | ||
| Atlassian Bitbucket < 8.13.1 Data Center and Server | ||
| Atlassian Bitbucket < 8.9.7 | ||
| Atlassian Confluence < 8.5.4 | ||
| Atlassian Bamboo < 9.2.5 Data Center and Server | ||
| Atlassian Bitbucket < 8.12.4 | ||
| Atlassian Confluence < 8.4.5 | ||
| Atlassian Bitbucket < 8.13.3 | ||
| Atlassian Bamboo < 9.2.7 | ||
| Atlassian Confluence < 8.6.2 | ||
| Atlassian Confluence < 7.19.17 | ||
| Atlassian Confluence < 8.3.4 | ||
| Atlassian Confluence < 8.5.2 Server and Data Center | ||
| Atlassian Confluence < 8.3.3 Server and Data Center | ||
| Atlassian Bitbucket < 8.14.2 | ||
| Atlassian Bitbucket < 7.21.18 | ||
| Atlassian Bamboo < 9.3.3 Data Center and Server | ||
| Atlassian Bamboo < 9.3.5 | ||
| Atlassian Bitbucket < 8.11.6 | ||
| Atlassian Confluence < 8.4.3 Server and Data Center |
Exploit Intelligence
- A potential Denial of Service issue in protobuf-java high severity GitHub Reviewed Published 5 days ago in protocolbuffers/protobuf • Updated yesterday Vulnerability details Dependabot alerts 2 Package com.google.protobuf:protobuf-java (maven) Affected versions < 3.16.1 >= 3.18.0, < 3.18.2 >= 3.19.0, < 3.19.2 Patched versions 3.16.1 3.18.2 3.19.2 Package com.google.protobuf:protobuf-kotlin (maven) Affected versions >= 3.18.0, < 3.18.2 >= 3.19.0, < 3.19.2 Patched versions 3.18.2 3.19.2 Pac... (github-poc-repo)
- quartz with CVE-2019-13990 (github-poc-repo)
- Reproduction of CVE-2020-36518 in Spring Boot 2.5.10 (github-poc-repo)
- simple application with a (unreachable!) CVE-2022-45688 vulnerability (github-poc-repo)
- simple application with a (unreachable!) CVE-2022-45688 vulnerability (github-poc-repo)
- simple application with a (unreachable!) CVE-2022-45688 vulnerability (github-poc-repo)
- simple application with a CVE-2022-45688 vulnerability (github-poc-repo)
- simple application with a CVE-2022-45688 vulnerability (github-poc-repo)
- NSE script for checking the presence of CVE-2023-22515 (github-poc-repo)
- edsonjt81/CVE-2023-22515-Scan. (github-poc-repo)
…and 81 more exploits
Timeline
- Oct 17, 2023 CVE Published
- Dec 12, 2023 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2700.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2700 advisory
- https://confluence.atlassian.com/security/security-bulletin-october-17-2023-1299929380.html url
- https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html url