Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps

Four RCE vulnerabilities in Confluence, Jira, and other platforms allow instance takeover and environment infestation.

Tara Seals, Managing Editor, News, Dark Reading
December 6, 2023

It's time to patch again: Four critical security vulnerabilities in Atlassian software open the door to remote code execution (RCE) and subsequent lateral movement within enterprise environments. They are just the latest bugs to surface of late in the software maker's collaboration and DevOps platforms, which tend to be a favorite target for cyberattackers.

The vulnerabilities, which Atlassian issued fixes for on Tuesday, include:

- CVE-2022-1471 (CVSS vulnerability severity score of 9.8 out of 10): Deserialization in the SnakeYAML library, affecting multiple Atlassian software platforms.
- CVE-2023-22522 (CVSS 9): Authenticated template injection vulnerability affecting Confluence Server and Data Center. Someone logged into the system, even anonymously, can inject unsafe user input into a Confluence page and achieve RCE, according to Atlassian.
- CVE-2023-22523 (CVSS 9.8): Privileged RCE in the Assets Discovery network-scanning tool for Jira Service Management Cloud, Server, and Data Center. According to Atlassian's advisory, "The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent."
- CVE-2023-22524 (CVSS 9.6): RCE in the Atlassian Companion app for macOS, which is used for file editing in Confluence Data Center and Server. "An attacker could utilize WebSockets to bypass Atlassian Companion's blocklist and MacOS Gatekeeper to allow the execution of code," the advisory read.

Atlassian Bugs Are Catnip to Cyberattackers

The latest advisories come hard on the heels of a string of bug disclosures from Atlassian, which have been tied to both zero-day and post-patch exploitation.

Atlassian software is a popular target for threat actors, especially Confluence, a widely used Web-based corporate wiki for collaboration in cloud and hybrid server environments. It allows one-click connections to a variety of different databases, making its utility for attackers nonpareil. More than 60,000 customers use Confluence, including LinkedIn, NASA, and the New York Times.

If past is prologue, admins should patch the latest bugs immediately. In October, for instance, the software company rolled out security fixes for a max-severity RCE bug (CVSS 10) in Confluence Data Center and Server (CVE-2023-22515), which had been exploited prior to patching by a China-sponsored advanced persistent threat (APT) tracked as Storm-0062. A string of proof-of-concept exploits also quickly cropped up for it after disclosure, paving the way for mass exploitation attempts.

Shortly after, in November, another RCE bug surfaced in Confluence Data Center and Server that had been exploited as a zero-day in the wild, originally listed with a 9.1 CVSS score. However, a glut of active ransomware and other cyberattacks after patches were released prompted Atlassian to raise the severity score to 10.

That same month, Atlassian revealed that the Bamboo continuous integration (CI) and continuous delivery (CD) server for software development, as well as Confluence Data Center and Server, were both vulnerable to yet another max-severity issue, this time in the Apache Software Foundation's (ASF) ActiveMQ message broker (CVE-2023-46604, CVSS 10). The bug, which was weaponized as an "n-day" bug, was also quickly furnished with PoC exploit code, allowing a remote attacker to execute arbitrary commands on affected systems. Atlassian has released fixes for both platforms.
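As an added illustration of the SnakeYAML issue (CVE-2022-1471) listed above, the following Java snippet is example code written for this page, not Atlassian's or the SnakeYAML project's: it loads untrusted YAML through SafeConstructor so that a document naming a Java class via a global tag is rejected rather than instantiated, which is the defensive pattern the fixed library versions enforce. It assumes SnakeYAML 1.33 or newer (or 2.x) on the classpath; the tagged input document is constructed.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

import java.util.Map;

/**
 * Added example (not Atlassian's or SnakeYAML's code). CVE-2022-1471 stems
 * from the 1.x default Constructor: a YAML global tag (!!fully.qualified.Name)
 * names a Java class to instantiate while parsing. SafeConstructor only
 * builds standard YAML types (maps, lists, scalars), so such tags fail.
 * Assumes SnakeYAML 1.33+ for the LoaderOptions-taking constructor.
 */
public final class SafeYamlLoader {

    // Constructed input: a harmless JDK class named through a global tag.
    // Under the 1.x default Constructor this class would be instantiated.
    static final String TAGGED_DOC = "config: !!java.util.ArrayList []\n";

    // Constructed input: ordinary configuration data with no tags.
    static final String PLAIN_DOC = "host: confluence.example.internal\nport: 8090\n";

    /** Parse untrusted YAML into plain maps, lists and scalars only. */
    public static Map<String, Object> loadUntrusted(String yamlText) {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);
        options.setMaxAliasesForCollections(50); // also blunts alias-expansion DoS
        // SafeConstructor never resolves a tag to a Java class.
        Yaml yaml = new Yaml(new SafeConstructor(options));
        return yaml.load(yamlText);
    }

    public static void main(String[] args) {
        System.out.println("plain document: " + loadUntrusted(PLAIN_DOC));
        try {
            loadUntrusted(TAGGED_DOC);
            System.out.println("unexpected: tagged document was accepted");
        } catch (YAMLException e) {
            // ConstructorException: "could not determine a constructor for the tag ..."
            System.out.println("tagged document rejected: " + e.getMessage());
        }
    }
}
```

Pinning the SnakeYAML dependency to a fixed release matters as well, because a bundled copy inside a vendor product (as in the Atlassian case) is patched by the vendor's update, not by the application's own build configuration.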