{"uuid": "d1224ff0-40c3-484a-88a1-974022c057fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-1471", "type": "seen", "source": "https://t.me/alexmakus/5195", "content": "Atlassian \u043c\u043e\u043b\u043e\u0434\u0446\u044b, \u043d\u0430 9 \u0438\u0437 10 (\u0432 \u0441\u043c\u044b\u0441\u043b\u0435, \u043f\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439) \n\n \u2022 CVE-2023-22522: Template injection flaw allowing authenticated users, including those with anonymous access, to inject unsafe input into a Confluence page (critical, with a 9.0 severity score). The flaw impacts all Confluence Data Center and Server versions after 4.0.0 and up to 8.5.3.\n \u2022 CVE-2023-22523: Privileged RCE in Assets Discovery agent impacting Jira Service Management Cloud, Server, and Data Center (critical, with a 9.8\u00a0severity score). Vulnerable Asset Discovery versions are anything below 3.2.0 for Cloud and 6.2.0 for Data Center and Server.\n \u2022 CVE-2023-22524: Bypass of blocklist and macOS Gatekeeper on the companion app for Confluence Server and Data Center for macOS, impacting all versions of the app prior to 2.0.0 (critical, with a 9.6\u00a0severity score).\n \u2022 CVE-2022-1471: \u00a0RCE in SnakeYAML library impacting multiple versions of Jira, Bitbucket, and Confluence products (critical, with a 9.8\u00a0severity score).", "creation_timestamp": "2023-12-06T18:10:13.000000Z"}