{"vulnerability": "CVE-2023-22522", "sightings": [{"uuid": "b54f5a0d-734a-49c1-8d0b-e41f1b769737", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22522", "type": "seen", "source": "https://bsky.app/profile/heinen.bsky.social/post/3lh23kadpks23", "content": "", "creation_timestamp": "2025-01-31T13:18:23.169469Z"}, {"uuid": "4924d724-848d-4b03-b6e3-af03d38f0342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-22522", "type": "seen", "source": "https://www.cert.at/de/warnungen/2023/12/kritische-sicherheitslucken-in-mehreren-produkten-von-atlassian-patches-verfugbar", "content": "", "creation_timestamp": "2023-12-06T21:41:11.000000Z"},
{"uuid": "007ffc64-3ab8-41f8-91bc-5661b38defe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22522", "type": "seen", "source": "https://t.me/cyberbannews_ir/10062", "content": "\ud83d\udce1 Discovery of new vulnerabilities in the Australian company's products\n\n\u26a0\ufe0fAfter the publication of a warning about a critical vulnerability in the products of the Australian company \u00abAtlassian\u00bb, it emerged that in Iran, too, 41 Confluence servers are online and within reach of attackers!\n\n\ud83d\udd38Recently, 2 critical vulnerabilities (CVE-2023-22522, -25524) with a score of 9 were discovered in the \u00abConfluence Data Center\u00bb and \u00abConfluence Server\u00bb products of the Australian software company \u00abAtlassian\u00bb, which give an attacker the ability to execute code remotely.\n\n\ud83d\udd38According to experts, the newly discovered vulnerability allows an authenticated attacker, including an attacker with anonymous access, to have an unsafe user penetrate a \u00abConfluence\u00bb page. Using this approach, the attacker can achieve remote code execution (RCE) on an affected instance. The Server and Data Center versions of Confluence are at risk and need immediate attention. \n\n\ud83d\udd17 Full report\n\n#cyber_security #cyber_threat #vulnerability\n\n\ud83d\udcf2\u0633\u0640\u0627\u06cc\u0628\u0631\u0628\u0627\u0646 \n\n\u00a9@cyberbannews_ir", "creation_timestamp": "2023-12-10T08:23:12.000000Z"},
{"uuid": "4bfdc170-4fe2-40d5-a3fb-b7d331d099f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22522", "type": "seen", "source": "https://t.me/true_secator/5170", "content": "Atlassian is releasing fixes for four critical vulnerabilities in its software which, if successfully exploited, can lead to RCE.\n\nThey are as follows:\n\n- CVE-2022-1471\u00a0(CVSS score: 9.8): a deserialization vulnerability in the SnakeYAML library that can lead to remote code execution in multiple products;\n\n- CVE-2023-22522\u00a0(CVSS score: 9.0): a vulnerability in Confluence Data Center and Confluence Server (affects all versions, including 4.0.0 and later);\n\n- CVE-2023-22523\u00a0(CVSS score: 9.8): a vulnerability in Assets Discovery for Jira Service Management Cloud, Server and Data Center (affects all versions up to, but not including, 3.2.0-cloud/6.2.0 data center);\n\n- CVE-2023-22524\u00a0(CVSS score: 9.6): a vulnerability in the Atlassian Companion app for macOS (affects all versions up to 2.0.0, excluding 2.0.0).\n\nAtlassian described CVE-2023-22522 as a template injection vulnerability that allows an authenticated attacker, including one with anonymous access, to introduce unsafe user input into a Confluence page, which leads to code execution.\n\nThe Assets Discovery vulnerability allows an attacker to perform privileged remote code execution on machines with the Assets Discovery agent installed.\n\nCVE-2023-22524 could allow an attacker to execute code by using WebSockets to bypass the Atlassian Companion blocklist and macOS Gatekeeper protection.\n\nSince Atlassian solutions have recently been becoming effective attack vectors, users are strongly advised to update vulnerable installations to the fixed version as soon as possible.", "creation_timestamp": "2023-12-06T16:45:05.000000Z"},
{"uuid": "120bd67e-3134-482c-bdfa-16ad14cd2845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22522", "type": "seen", "source": "https://t.me/kasperskyb2b/1053", "content": "\ud83d\udc40 Large-scale Atlassian bulletin\npatching Jira, Confluence and Bitbucket\n\nFour CVEs rated 9 to 9.8 require urgent patching of Confluence Data Center and Server, Jira service management cloud, Server & Data center, as well as the SnakeYAML library used in most versions of Jira, Confluence and Bitbucket.\n\n\ud83d\udd35 CVE-2023-22522 allows unsafe objects to be injected into Confluence data. The attacker must be authenticated, but where anonymous access to a page is allowed, that is sufficient. \n\n\ud83d\udd35 CVE-2023-22523 RCE in the Assets Discovery agent; allows code execution with high privileges on machines where this add-on for Jira Service Management Cloud is installed.  Simply applying the update is not enough: the agent must be removed from every machine where it is installed, the patches applied, and then the agent installed again.  \n\n\ud83d\udd35 CVE-2023-22524 RCE in the Atlassian companion app, an add-on for macOS for Confluence Server and Confluence Data Center. The app can update automatically, but it must be running to do so. If that has not happened and a restart did not help, uninstalling the companion app is recommended.\n\n\ud83d\udd35 CVE-2022-1471 \u00a0RCE in the SnakeYAML library, which is used in most products of the Bitbucket, Confluence and Jira line.  Rating 9.8, no compensating measures; patching is the only option.\n\n#news @\u041f2\u0422", "creation_timestamp": "2023-12-07T11:09:25.000000Z"},
{"uuid": "23986d1a-3688-45cc-8126-0d2b10edf742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22522", "type": "seen", "source": "https://t.me/alexmakus/5195", "content": "Well done, Atlassian: 9 out of 10 (in terms of vulnerability criticality, that is) \n\n \u2022 CVE-2023-22522: Template injection flaw allowing authenticated users, including those with anonymous access, to inject unsafe input into a Confluence page (critical, with a 9.0 severity score). The flaw impacts all Confluence Data Center and Server versions after 4.0.0 and up to 8.5.3.\n \u2022 CVE-2023-22523: Privileged RCE in Assets Discovery agent impacting Jira Service Management Cloud, Server, and Data Center (critical, with a 9.8\u00a0severity score). 
Vulnerable Asset Discovery versions are anything below 3.2.0 for Cloud and 6.2.0 for Data Center and Server.\n \u2022 CVE-2023-22524: Bypass of blocklist and macOS Gatekeeper on the companion app for Confluence Server and Data Center for macOS, impacting all versions of the app prior to 2.0.0 (critical, with a 9.6\u00a0severity score).\n \u2022 CVE-2022-1471: \u00a0RCE in SnakeYAML library impacting multiple versions of Jira, Bitbucket, and Confluence products (critical, with a 9.8\u00a0severity score).", "creation_timestamp": "2023-12-06T18:10:13.000000Z"}, {"uuid": "2d41f004-3f0a-497c-b45d-b8574cdd0449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22522", "type": "seen", "source": "Telegram/lJbWmBycQ68efBmqsKUbA7FEEJX3-JVKrSRhUZE9c7byOw", "content": "", "creation_timestamp": "2023-12-06T14:30:35.000000Z"}, {"uuid": "2a2f8124-ebdd-435c-b31e-7aee307f03d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22522", "type": "seen", "source": "https://t.me/KomunitiSiber/1172", "content": "Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution\nhttps://thehackernews.com/2023/12/atlassian-releases-critical-software.html\n\nAtlassian has released software fixes to address\u00a0four critical flaws\u00a0in its software that, if successfully exploited, could result in remote code execution.\nThe list of vulnerabilities is below -\n\nCVE-2022-1471\u00a0(CVSS score: 9.8) - Deserialization vulnerability in\u00a0SnakeYAML library\u00a0that can lead to remote code execution in multiple products\nCVE-2023-22522\u00a0(CVSS score", "creation_timestamp": "2023-12-06T11:01:58.000000Z"}, {"uuid": "208abae6-8dc7-414f-b43e-0e308e5dc7bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2023-22522", "type": "seen", "source": "https://t.me/ctinow/159056", "content": "https://ift.tt/70Xtady\nCVE-2023-22522 | Atlassian Confluence Data Center/Confluence Server prior 7.19.17/8.4.5/8.5.4/8.6.2/8.7.1 Template injection", "creation_timestamp": "2023-12-24T16:51:46.000000Z"}]}