CI Operators:
Atlassian has announced four critical remote code execution (RCE) vulnerabilities affecting multiple products, including Confluence Data Center and Server. All four vulnerabilities have CVSSv3 scores >= 9.0.
Impact:
Affected Software:
Recommendation:
Update to the latest version of Data Center or Server. There are no recommended mitigations.
References:
[1] https://confluence.atlassian.com/security/december-2023-security-advisories-overview-1318892103.html
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22522
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22523
[5] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22524
How Trusted CI can help:
The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of these vulnerabilities in your environment and/or if you have additional information about this issue that should be shared with the community.