Atlassian RCE Bugs Plague Confluence, Bamboo

Published : 23/11/2024   Category : security



The security vulnerabilities allow full takeover of Atlassian instances, so admins should patch now.



Three just-disclosed remote code execution (RCE) security vulnerabilities open up Atlassian Confluence Data Center & Server, and Bamboo, to system takeover, the software company is warning.
Confluence is a popular Web-based corporate wiki used for collaboration in cloud and hybrid server environments that allows one-click connections to a variety of different databases. More than 60,000 customers use Confluence, including LinkedIn, NASA, and the New York Times.
Bamboo, meanwhile, is a continuous integration (CI) and continuous delivery (CD) server for software development that provides automated building and testing of software source-code status.
Successful exploitation of any of the flaws could offer a wide-open door into users' cloud infrastructure, software supply chain, and more. While threat actors need to be authenticated to be successful, no user interaction is required to exploit the bugs.
In Confluence, the vulnerabilities are tracked as CVE-2023-22505 (CVSS 8.5) and CVE-2023-22508 (CVSS 8.0). Both were patched in Confluence versions 8.3.2 and 8.4.0.
“This injection and RCE vulnerability allow an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability,” Atlassian noted in its security advisory on Confluence.
Meanwhile, the high-severity issue in the Bamboo Data Center (CVE-2023-22506, CVSS 7.5) was patched in versions 9.2.3 and 9.3.1.
“[An attacker can] modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability,” according to Atlassian.
Given the sensitive nature of Atlassian within corporate networks, the US Cybersecurity and Infrastructure Security Agency (CISA) is urging that users apply the patches to their Atlassian instances as soon as possible.
