{"vulnerability": "CVE-2023-2250", "sightings": [{"uuid": "ec6d10d5-e205-48de-a7f0-8cbf71c15f5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/alexmakus/4901", "content": "\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Jira, \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u0442\u0430\u043a\u043e\u0433\u043e \u043d\u0435 \u0431\u044b\u043b\u043e \u0438 \u0432\u043e\u0442 \u043e\u043f\u044f\u0442\u044c! \n\nhttps://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-bug-giving-access-to-jira-service-management/\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22501", "creation_timestamp": "2023-02-03T14:38:06.000000Z"}, {"uuid": "a24fb56c-e268-46fe-9ae9-a84c515666fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://gist.github.com/Himan10/98474612ad796faf756bf1db810daf82", "content": "", "creation_timestamp": "2025-04-15T16:45:02.000000Z"}, {"uuid": "d53a4706-655f-4438-bed9-cf94293386f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22505", "type": "seen", "source": "https://t.me/true_secator/4652", "content": "Atlassian \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Confluence Data Center \u0438 Server, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Bamboo Data Center.\n\n\u0421\u0430\u043c\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0438\u0437 \u044d\u0442\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2023-22508 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8,5) \u0438 \u0437\u0430\u043a\u0440\u0430\u043b\u0430\u0441\u044c \u0432 Confluence \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 7.4.0, \u0430 \u0434\u0440\u0443\u0433\u0430\u044f CVE-2023-22505 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8,0) - \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 8.0.0.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0431\u0435\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0447\u0442\u043e \u043f\u043e\u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c.\n\n\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u043f\u0440\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043a\u0430\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c.\n\n\u041e\u0431\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0439 Confluence 8.3.2 \u0438 8.4.0.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0434\u043e 8.2.0, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 CVE-2023-22508.\n\nAtlassian \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f CVE-2023-22506 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7,5), \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 RCE \u0432 Bamboo Data Center.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u044f\u0432\u0438\u0432\u0448\u0430\u044f\u0441\u044f \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 8.0.0 Bamboo, \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c 9.2.3 \u0438 9.3.1 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435, \u0434\u0430\u0436\u0435 \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e Atlassian \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0412\u0435\u0434\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.", "creation_timestamp": "2023-07-25T11:48:45.000000Z"}, {"uuid": "4e3342e1-4977-4c55-9453-563dcfcc7e58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/kasperskyb2b/445", "content": "\u0414\u0430\u0439\u0434\u0436\u0435\u0441\u0442 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u0437\u0430 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0443\u044e \u043d\u0435\u0434\u0435\u043b\u044e \u23ec\n\n\ud83d\udcbb \u0414\u0435\u0444\u0438\u0446\u0438\u0442 \u0418\u0422-\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u043e\u0449\u0443\u0449\u0430\u0435\u0442\u0441\u044f \u0434\u0430\u0436\u0435 \u0443 \u043a\u0438\u0431\u0435\u0440\u043a\u0440\u0438\u043c\u0438\u043d\u0430\u043b\u0430. \u041f\u043e \u043d\u0430\u0448\u0435\u043c\u0443 \u0430\u043d\u0430\u043b\u0438\u0437\u0443, \u0432 \u043f\u043e\u0434\u043f\u043e\u043b\u044c\u0435 \u043e\u0445\u043e\u0442\u043d\u0435\u0439 \u0432\u0441\u0435\u0433\u043e \u043d\u0430\u043d\u0438\u043c\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 (61% \u0432\u0441\u0435\u0445 \u043e\u0431\u044a\u044f\u0432\u043b\u0435\u043d\u0438\u0439 \u043d\u0430 \u0434\u0430\u0440\u043a\u043d\u0435\u0442-\u0444\u043e\u0440\u0443\u043c\u0430\u0445), \u0430 \u0441\u0430\u043c\u0443\u044e \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u043c\u0435\u0434\u0438\u0430\u043d\u043d\u0443\u044e \u0437\u0430\u0440\u043f\u043b\u0430\u0442\u0443 \u0441\u0443\u043b\u044f\u0442 \u0440\u0435\u0432\u0435\u0440\u0441\u0435\u0440\u0430\u043c. \u041d\u043e \u0440\u0430\u0431\u043e\u0442\u0430 \u043d\u0430\u0439\u0434\u0451\u0442\u0441\u044f \u0438 \u0434\u043b\u044f \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0435\u0440\u043e\u0432, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0438 \u0434\u0430\u0436\u0435 \u0434\u0438\u0437\u0430\u0439\u043d\u0435\u0440\u043e\u0432. \u0412 \u0441\u043e\u0446\u043f\u0430\u043a\u0435\u0442, \u0440\u0430\u0437\u0443\u043c\u0435\u0435\u0442\u0441\u044f, \u0432\u0445\u043e\u0434\u0438\u0442 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u0438\u0434\u043a\u0438.\n\n\u203c\ufe0f \u041f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0420\u0424 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0430\u043b\u043e \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u044e \u0437\u0430\u043a\u043e\u043d\u043e\u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u043e \u0432\u0432\u0435\u0434\u0435\u043d\u0438\u0438 \u0443\u0433\u043e\u043b\u043e\u0432\u043d\u043e\u0439 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0437\u0430 \u043d\u0435\u0437\u0430\u043a\u043e\u043d\u043d\u044b\u0435 \u0441\u0431\u043e\u0440, \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0443 \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u0424\u043e\u0440\u043c\u0443\u043b\u0438\u0440\u043e\u0432\u043a\u0438 \u0437\u0430\u043a\u043e\u043d\u0430 \u0431\u0443\u0434\u0443\u0442 \u0434\u043e\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c\u0441\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u043a\u0430 \u043d\u0435\u043f\u043e\u043d\u044f\u0442\u043d\u043e, \u0432 \u043a\u0430\u043a\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c\u0441\u044f \u043d\u0430 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u0418\u0422 \u0438 \u0418\u0411, \u043f\u043e\u0434 \u043d\u0430\u0434\u0437\u043e\u0440\u043e\u043c \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u0430 \u0443\u0442\u0435\u0447\u043a\u0430. \u041e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u0448\u0443\u0442\u043e\u0447\u043d\u0430\u044f, \u0434\u043e \u0434\u0435\u0441\u044f\u0442\u0438 \u043b\u0435\u0442 \u0437\u0430 \u0440\u0435\u0448\u0435\u0442\u043a\u043e\u0439. \n\n\ud83e\ude7c \u0412\u0437\u043b\u043e\u043c GitHub, \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043d\u0435\u0434\u0435\u043b\u0438, \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 Atom \u0438 Desktop, \u0441\u043e\u0432\u0435\u0440\u0448\u0451\u043d\u043d\u044b\u043c \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u043a\u0440\u0430\u0434\u0435\u043d\u044b\u0445 \u0442\u043e\u043a\u0435\u043d\u043e\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u041f\u043e \u0442\u0435\u043a\u0443\u0449\u0438\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 GitHub \u0438 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043d\u0435 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0438. \u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043d\u0435 \u0440\u0435\u0448\u0451\u043d\u043d\u0430\u044f \u0434\u043e \u043a\u043e\u043d\u0446\u0430 \u2013 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b GitHub, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438. \u0422\u043e\u043b\u044c\u043a\u043e \u0442\u0440\u0438 \u0438\u0437 \u043d\u0438\u0445 \u043d\u0435 \u0431\u044b\u043b\u0438 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c\u0438 \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043a\u0440\u0430\u0436\u0438 (6 \u0434\u0435\u043a\u0430\u0431\u0440\u044f), \u043d\u043e \u0434\u0432\u0430 \u0438\u0441\u0442\u0435\u043a\u043b\u0438 \u043d\u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0439 \u0434\u0435\u043d\u044c, \u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0439 \u0434\u043b\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 MacOS, \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u0435\u043d \u0434\u043e 2027 \u0433\u043e\u0434\u0430, \u043d\u043e \u0443\u0436\u0435 \u043e\u0442\u043e\u0437\u0432\u0430\u043d 2 \u0444\u0435\u0432\u0440\u0430\u043b\u044f. \u0422\u0430\u043a\u0436\u0435 \u0432 \u0443\u0442\u0435\u0447\u043a\u0435 \u043d\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442\u0441\u044f \u043f\u0430\u0440\u043e\u043b\u044c, \u043d\u0443\u0436\u043d\u044b\u0439 \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432. \u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0433\u043e GitHub, \u043d\u0435\u043b\u044c\u0437\u044f \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0442\u044c \u0441\u043e \u0441\u0447\u0435\u0442\u043e\u0432. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c GitHub Desktop \u043d\u0443\u0436\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043d\u0430 \u0441\u0432\u0435\u0436\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u0443\u044e \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c.\n\n\ud83d\udc8e \u0412\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0440\u044b\u043d\u043a\u0435 \u0434\u0435\u0440\u0438\u0432\u0430\u0442\u0438\u0432\u043e\u0432. \u0410\u0442\u0430\u043a\u0430, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u043f\u0440\u043e\u0432\u0435\u0434\u0451\u043d\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 LockBit, \u0432\u044b\u0432\u0435\u043b\u0430 \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u0447\u0430\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0434\u0443\u0431\u043b\u0438\u043d\u0441\u043a\u043e\u0439  ION Group, \u0442\u0440\u0435\u0439\u0434\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u0438 \u0444\u0438\u043d\u0442\u0435\u0445-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438. \u042d\u0442\u043e \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u0438\u043b\u043e 42 \u043a\u0440\u0443\u043f\u043d\u044b\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0432 \u0421\u0428\u0410 \u0438 \u0415\u0432\u0440\u043e\u043f\u0435 \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0442\u043e\u0440\u0433\u043e\u0432\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u0438\u0442\u043e\u0433\u0435 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0432\u0440\u0443\u0447\u043d\u0443\u044e.  \u0418\u043d\u0446\u0438\u0434\u0435\u043d\u0442 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0418\u0411-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u043e \u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u0440\u0435\u0433\u0443\u043b\u044f\u0442\u043e\u0440\u044b. \u041f\u043e \u043f\u0435\u0440\u0432\u0438\u0447\u043d\u043e\u0439 \u043e\u0446\u0435\u043d\u043a\u0435, \u043e\u043d \u00ab\u043d\u0435 \u0441\u043e\u0437\u0434\u0430\u0451\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u0438\u0441\u043a\u043e\u0432 \u0434\u043b\u044f \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u043a\u0442\u043e\u0440\u0430\u00bb, \u043d\u043e, \u043a\u0430\u043a \u044d\u0442\u043e \u0447\u0430\u0441\u0442\u043e \u0431\u044b\u0432\u0430\u0435\u0442, \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0439 \u043c\u0430\u0441\u0448\u0442\u0430\u0431 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u0430\u0442\u044c \u0438\u0437\u0432\u0435\u0441\u0442\u0435\u043d \u043f\u043e\u0437\u0434\u043d\u0435\u0435. \u041f\u043e\u043a\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0440\u044f\u0434 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 ION, \u0430 \u044d\u0442\u043e \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u0431\u0430\u043d\u043a\u0438, \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0437\u0430\u043a\u0430\u0437\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043d\u044f\u0442\u044c \u0434\u043e \u043f\u044f\u0442\u0438 \u0434\u043d\u0435\u0439. \u0410\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u0432 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u043c \u0441\u0435\u043a\u0442\u043e\u0440\u0435, \u0443\u0432\u044b, \u0443\u0447\u0430\u0449\u0430\u044e\u0442\u0441\u044f.\n\n\ud83d\udcb6 \u0420\u0435\u043a\u043e\u0440\u0434\u044b DDoS  \u0437\u0430 2022 \u0433\u043e\u0434 \u0431\u044b\u043b\u0438 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0420\u043e\u0441\u0441\u0438\u0438. \u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0440\u043e\u0441\u0442 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u0438 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0430 \u0430\u0442\u0430\u043a \u0437\u0430\u043c\u0435\u0447\u0435\u043d \u0438 \u0432 \u0434\u0440\u0443\u0433\u0438\u0445 \u0440\u0435\u0433\u0438\u043e\u043d\u0430\u0445 \u2013 FS-ISAC \u043e\u0442\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0435\u0432\u0440\u043e\u043f\u0435\u0439\u0441\u043a\u0438\u0435 \u0431\u0430\u043d\u043a\u0438 \u043e\u0442\u0440\u0430\u0437\u0438\u043b\u0438 \u043d\u0430 73% \u0431\u043e\u043b\u044c\u0448\u0435 DDoS.\n\n\ud83d\udddc \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c NAS \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0430 QNAP \u0441\u043d\u043e\u0432\u0430 \u0432\u044b\u043d\u0443\u0436\u0434\u0435\u043d\u044b \u0441\u0440\u043e\u0447\u043d\u043e \u043f\u0430\u0442\u0447\u0438\u0442\u044c\u0441\u044f. SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c NAS, \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442. \u0422\u0430\u043a\u0430\u044f \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 \u043e\u043a\u043e\u043b\u043e 30 \u0442\u044b\u0441\u044f\u0447 \u0440\u0430\u0437. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0430 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430 QNAP \u0443\u0436\u0435 \u043d\u0435 \u0440\u0430\u0437 \u043f\u043e\u043a\u0443\u0448\u0430\u043b\u0438\u0441\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b ransomware.\n \n\ud83d\udee0 \u041d\u0435\u0434\u0435\u043b\u044f \u0431\u044b\u043b\u0430 \u0431\u043e\u0433\u0430\u0442\u0430 \u043d\u0430 enterprise-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.  \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f (CVE-2023-22501, CVSS 9.4) \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Jira Service Management Center \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0431\u0430\u0433 Cisco IOx (CVE-2023-20076, CVSS 7.2) \u0434\u0430\u0451\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u043a\u043e\u0434\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043a\u0430\u043a root \u043d\u0430 \u0445\u043e\u0441\u0442-\u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0430 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0432 F5 BIG-IP (CVE-2023-22374) \u0433\u0440\u043e\u0437\u044f\u0442 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.", "creation_timestamp": "2023-02-07T10:17:47.000000Z"}, {"uuid": "64f69551-44dd-41a3-afda-ee6776624e08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22503", "type": "seen", "source": "https://t.me/arpsyndicate/2415", "content": "#ExploitObserverAlert\n\nCVE-2023-22503\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22503. Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.  This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.  The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.\n\nFIRST-EPSS: 0.000690000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2024-01-04T03:05:54.000000Z"}, {"uuid": "61284990-1936-4304-89d5-139181a1e544", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/arpsyndicate/1787", "content": "#ExploitObserverAlert\n\nCVE-2023-22501\n\nDESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-22501. An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases:  * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a \u201cView Request\u201d link from these users.  Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.\n\nFIRST-EPSS: 0.001430000\nNVD-IS: 5.2\nNVD-ES: 3.9", "creation_timestamp": "2023-12-12T01:34:50.000000Z"}, {"uuid": "948d73b1-de6c-4372-8a62-246fc4a72f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22505", "type": "seen", "source": "Telegram/PlWKWcEIUGV-3V7vzZTscOLxnvahoNI8O7sxl1fcRROSAA", "content": "", "creation_timestamp": "2023-07-25T07:27:05.000000Z"}, {"uuid": "709e058a-83df-40ab-9211-1446a6dbcef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22505", "type": "exploited", "source": "https://t.me/kasperskyb2b/767", "content": "\ud83e\ude79\ud83e\ude79\ud83e\ude79 \u0426\u0435\u043b\u044b\u0439 \u0431\u0443\u043a\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0441\u0440\u043e\u0447\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f:\n\niOS \u0438 MacOS:  \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0432\u0448\u0438\u0435\u0441\u044f CVE-2023-37450 \u0438 CVE-2023-38606 \u0432 iOS/iPadOS. \u0412\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 #iOSTriangulation. \u0412\u0441\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 25 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\nConfluence \u0438 Bamboo \u043e\u0442 Atlassian: \u0442\u0440\u0438 RCE (CVE-2023-22505, -22508 \u0438 -22506, CVSS 7.5-8.5). \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d. \u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430 \u0434\u043b\u044f Confluence Data Center \u0438 Confluence Server \u043b\u0438\u043d\u0435\u0439\u043a\u0438 8, \u0432\u0442\u043e\u0440\u0430\u044f - \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 7 \u0438 8, \u0430 \u0442\u0440\u0435\u0442\u044c\u044f \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043a Bamboo. \n\n\u0414\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f EMM-\u0440\u0435\u0448\u0435\u043d\u0438\u0435\u043c Ivanti (\u0432 \u0434\u0435\u0432\u0438\u0447\u0435\u0441\u0442\u0432\u0435 MobileIron Core), \u0432 \u0432\u043e\u0441\u043a\u0440\u0435\u0441\u0435\u043d\u044c\u0435 \u0432\u044b\u0448\u043b\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435, \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-35078. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0438\u043c\u0435\u043d\u0430, \u043d\u043e\u043c\u0435\u0440\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432 \u0438 \u0442.\u043f.). \u0438\u0445 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043d\u043e\u0441\u0438\u0442\u044c \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f. \u0411\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0442\u043e\u043b\u044c\u043a\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c, \u043d\u043e \u0443\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0433\u043e\u0441\u043e\u0440\u0433\u0430\u043d\u044b \u041d\u043e\u0440\u0432\u0435\u0433\u0438\u0438.   \n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2023-07-25T13:31:40.000000Z"}, {"uuid": "995f1c06-7f8a-4195-a362-a261ac5631e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/ctinow/91134", "content": "Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)\n\nhttps://ift.tt/GJ20ysV", "creation_timestamp": "2023-02-03T11:57:17.000000Z"}, {"uuid": "ae9b531d-78b6-48ca-a1c5-4e23257397e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22505", "type": "seen", "source": "https://t.me/KomunitiSiber/538", "content": "Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo\nhttps://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html\n\nAtlassian has\u00a0released\u00a0updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems.\nThe list of the flaws is below -\n\nCVE-2023-22505\u00a0(CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and", "creation_timestamp": "2023-07-25T09:03:10.000000Z"}, {"uuid": "496941fc-ece3-4f78-bd0e-7e36ed6436c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/true_secator/4029", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0431\u0430\u0433 \u0432 Jira Service Management Server \u0438 Data Center \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u0435\u0431\u044f \u0437\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Jira.\n\n\u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Atlassian, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430\u0445 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0443 Jira Service Management, \u0432\u044b\u0434\u0430\u0432\u0430\u044f \u0435\u0433\u043e \u0437\u0430 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0415\u0441\u043b\u0438 \u0432 Jira Service Management \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u0430\u044f \u043f\u043e\u0447\u0442\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0442\u043e\u043a\u0435\u043d\u0430\u043c \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0438\u0441\u044f\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u0432\u0445\u043e\u0434\u0438\u043b\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n\u041a\u043e\u0432\u0430\u0440\u043d\u044b\u0439 \u0437\u0430\u043c\u044b\u0441\u0435\u043b \u0441 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u0442\u043e\u043a\u0435\u043d\u043e\u0432 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d \u0432 \u0434\u0432\u0443\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f\u0445:\n\n1. \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0432 \u0437\u0430\u0434\u0430\u0447\u0438 \u0438\u043b\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u044b Jira \u0441 \u044d\u0442\u0438\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438\n\n2. \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u043c \u043f\u0438\u0441\u044c\u043c\u0430\u043c, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u043c \u0441\u0441\u044b\u043b\u043a\u0443 \u00ab\u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u00bb \u043e\u0442 \u044d\u0442\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 9,4 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2023-22501 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Jira Service Management Server \u0438 Data Center \u0432\u0435\u0440\u0441\u0438\u0439 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1 \u0438 5.5.0.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Atlassian, \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u044b\u043c\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u0430\u043c\u0438 \u0442\u0430\u043a\u0438\u0445 \u0430\u0442\u0430\u043a \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0431\u043e\u0442\u043e\u0432. \n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043d\u0430 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430\u0445 \u0441 \u0435\u0434\u0438\u043d\u044b\u043c \u0432\u0445\u043e\u0434\u043e\u043c \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u0435\u0441\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u043e \u0434\u043b\u044f \u0432\u0441\u0435\u0445.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 Jira Service Management Server \u0438 Data Center 5.3.3, 5.4.2, 5.5.1 \u0438 5.6.0 \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b Jira.", "creation_timestamp": "2023-02-06T16:17:17.000000Z"}, {"uuid": "94c7a7b7-ef70-4969-982e-3843f84bc83b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22508", "type": "seen", "source": "https://t.me/true_secator/4652", "content": "Atlassian \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Confluence Data Center \u0438 Server, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Bamboo Data Center.\n\n\u0421\u0430\u043c\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0438\u0437 \u044d\u0442\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2023-22508 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8,5) \u0438 \u0437\u0430\u043a\u0440\u0430\u043b\u0430\u0441\u044c \u0432 Confluence \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 7.4.0, \u0430 \u0434\u0440\u0443\u0433\u0430\u044f CVE-2023-22505 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8,0) - \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 8.0.0.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0431\u0435\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0447\u0442\u043e \u043f\u043e\u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c.\n\n\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u043f\u0440\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043a\u0430\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c.\n\n\u041e\u0431\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0439 Confluence 8.3.2 \u0438 8.4.0.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0434\u043e 8.2.0, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 CVE-2023-22508.\n\nAtlassian \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f CVE-2023-22506 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7,5), \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 RCE \u0432 Bamboo Data Center.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u044f\u0432\u0438\u0432\u0448\u0430\u044f\u0441\u044f \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 8.0.0 Bamboo, \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c 9.2.3 \u0438 9.3.1 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435, \u0434\u0430\u0436\u0435 \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e Atlassian \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0412\u0435\u0434\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.", "creation_timestamp": "2023-07-25T11:48:45.000000Z"}, {"uuid": "16c8ba43-26bd-476b-8346-95ce3b5d4569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22506", "type": "seen", "source": "https://t.me/true_secator/4652", "content": "Atlassian \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Confluence Data Center \u0438 Server, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Bamboo Data Center.\n\n\u0421\u0430\u043c\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0438\u0437 \u044d\u0442\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2023-22508 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8,5) \u0438 \u0437\u0430\u043a\u0440\u0430\u043b\u0430\u0441\u044c \u0432 Confluence \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 7.4.0, \u0430 \u0434\u0440\u0443\u0433\u0430\u044f CVE-2023-22505 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8,0) - \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 8.0.0.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0431\u0435\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0447\u0442\u043e \u043f\u043e\u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c.\n\n\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u043f\u0440\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043a\u0430\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c.\n\n\u041e\u0431\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0439 Confluence 8.3.2 \u0438 8.4.0.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0434\u043e 8.2.0, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 CVE-2023-22508.\n\nAtlassian \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f CVE-2023-22506 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7,5), \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 RCE \u0432 Bamboo Data Center.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u044f\u0432\u0438\u0432\u0448\u0430\u044f\u0441\u044f \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 8.0.0 Bamboo, \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c 9.2.3 \u0438 9.3.1 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435, \u0434\u0430\u0436\u0435 \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e Atlassian \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0412\u0435\u0434\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.", "creation_timestamp": "2023-07-25T11:48:45.000000Z"}, {"uuid": "28b606c4-40fb-46d4-9b56-b3f8b708b557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22508", "type": "seen", "source": "https://t.me/cibsecurity/66978", "content": "\u203c CVE-2023-22508 \u203c\n\nThis High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.19.8 of Confluence Data Center &amp; Server.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to this fixed version: 8.2.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html|https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Data Center &amp; Server from the download center ([https://www.atlassian.com/software/confluence/download-archives|https://www.atlassian.com/software/confluence/download-archives]).This vulnerability was discovered by a private user and reported via our Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T02:41:16.000000Z"}, {"uuid": "2b705252-6234-4f35-a1b8-2c8e60934bc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22505", "type": "seen", "source": "https://t.me/cibsecurity/66961", "content": "\u203c CVE-2023-22505 \u203c\n\nThis High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center &amp; Server.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center &amp; Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] This vulnerability was discovered by a private user and reported via our Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T00:36:22.000000Z"}, {"uuid": "38f28fa6-81e6-43d2-b119-76f47b100031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2250", "type": "seen", "source": "https://t.me/cibsecurity/62767", "content": "\u203c CVE-2023-2250 \u203c\n\nA flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T00:19:32.000000Z"}, {"uuid": "1fee7a33-abb4-4a7f-a160-743ffd76e04e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22503", "type": "seen", "source": "https://t.me/cibsecurity/63138", "content": "\u203c CVE-2023-22503 \u203c\n\nAffected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-01T20:29:52.000000Z"}, {"uuid": "75188aaa-71b4-489d-966f-0c6b34b48494", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22506", "type": "seen", "source": "https://t.me/thehackernews/3641", "content": "\u26a0\ufe0f Atlassian addresses critical vulnerabilities (CVE-2023-22505, CVE-2023-22508 and CVE-2023-22506) in Confluence Server, Data Center, and Bamboo Data Center. \n \nRead: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html \n \nUpdate now to protect against remote code execution attacks.", "creation_timestamp": "2023-07-25T06:59:17.000000Z"}, {"uuid": "d2442880-6252-40fd-a69c-01f07d2e69bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/cibsecurity/57341", "content": "\u203c CVE-2023-22501 \u203c\n\nAn authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a \u00e2\u20ac\u0153View Request\u00e2\u20ac\ufffd link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T22:14:13.000000Z"}, {"uuid": "1464afe8-e142-4eb3-adb4-4636117248d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/thehackernews/3015", "content": "A new critical authentication vulnerability (CVE-2023-22501) has been discovered in Atlassian's Jira Service Management Server and Data Center products that could allow attackers to gain unauthorized access to vulnerable instances.\n\nRead: https://thehackernews.com/2023/02/atlassians-jira-software-found.html", "creation_timestamp": "2023-02-03T09:01:15.000000Z"}, {"uuid": "b986aa0f-02c1-4ea5-87f3-86e2154e0108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22505", "type": "seen", "source": "https://t.me/thehackernews/3641", "content": "\u26a0\ufe0f Atlassian addresses critical vulnerabilities (CVE-2023-22505, CVE-2023-22508 and CVE-2023-22506) in Confluence Server, Data Center, and Bamboo Data Center. \n \nRead: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html \n \nUpdate now to protect against remote code execution attacks.", "creation_timestamp": "2023-07-25T06:59:17.000000Z"}, {"uuid": "90b51050-9081-4bb9-abb3-d96347579502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/thehackernews/3017", "content": "A new critical authentication #vulnerability (CVE-2023-22501) has been discovered in Atlassian's Jira Service Management Server and Data Center products that could allow attackers to gain unauthorized access to vulnerable instances.\n\nRead: https://thehackernews.com/2023/02/atlassians-jira-software-found.html", "creation_timestamp": "2023-02-03T13:41:43.000000Z"}, {"uuid": "06f4cc31-4b00-46da-9910-4adc5acf61a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22508", "type": "seen", "source": "https://t.me/thehackernews/3641", "content": "\u26a0\ufe0f Atlassian addresses critical vulnerabilities (CVE-2023-22505, CVE-2023-22508 and CVE-2023-22506) in Confluence Server, Data Center, and Bamboo Data Center. \n \nRead: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html \n \nUpdate now to protect against remote code execution attacks.", "creation_timestamp": "2023-07-25T06:59:17.000000Z"}, {"uuid": "2a0b8520-57a4-47de-9466-cf624f68697c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22501", "type": "seen", "source": "https://t.me/canyoupwnme/6856", "content": "Jira Service Management Server and Data Center Advisory (CVE-2023-22501)\nhttps://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-2023-02-01-1188786458.html", "creation_timestamp": "2023-02-03T22:41:17.000000Z"}]}