VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment.
First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection flaw that can allow unauthenticated remote code execution (RCE) attacks. It scored a perfect CVSS rating of 10 out of 10 and affects Confluence Data Center and Server 8 versions released before December 5, 2023 and 8.4.5, which no longer receives fixes.
The solution: “immediately” patch each affected installation by updating to the latest available version, according to the vendor.
