Advanced Notice from Atlassian: RCE Vulnerabilities Identified in Multiple Products

Quick Summary: We, at Amrut Software, want to inform you about a crucial security update that affects Atlassian products. As a platinum partner of Atlassian, your security is our priority, and we're sharing this early notice to ensure your systems remain secure.

On December 6, 2023, at 12 AM EST / 5 AM UTC, a Critical severity security advisory will be publicly announced for multiple Atlassian products. Atlassian has discovered four critical vulnerabilities with a severity score of 9.0 or higher, demanding immediate action to safeguard your instances.

Affected Products and Vulnerabilities:

CVE-2022-1471 - SnakeYAML library RCE Vulnerability Impacts Multiple Products

Affected Versions + Mitigation (Updated on December 5 16:50 EST)

CVE-2023-22522 - RCE Vulnerability in Confluence Data Center and Server

Affected Versions + Mitigation

CVE-2023-22524 - RCE Vulnerability in Atlassian Companion App for MacOS

Affected Versions + Mitigation

CVE-2023-22523 - RCE Vulnerability in Assets Discovery (stand-alone app)

Affected Versions + Mitigation

Atlassian found these vulnerabilities during a routine security review, and while there's no evidence of exploitation, taking proactive measures is crucial to protect your data.

Please plan and act promptly upon this information, but remember, it is embargoed until the public release on December 6, 2023. Once released, follow the Critical Advisory for updates and mitigation instructions. Your security matters to Atlassian and to us.
For more details you can visit: Partner Portal blog.