Key Takeaways
- CERT-In's August 2024 bulletin emphasizes the urgent need for organizations to update their Atlassian products because of critical vulnerabilities. Prompt patch application is essential to address these high-severity issues and mitigate risk.
- The vulnerabilities disclosed span a range of severe risks, including arbitrary code execution, cross-site scripting (XSS), and privilege escalation. They affect several Atlassian products, such as Bamboo, Confluence, and Jira, posing significant security threats.
- Critical vulnerabilities are tied to specific versions of Atlassian software: Bamboo versions prior to 9.6.5, Confluence versions earlier than 8.9.5, Crowd versions below 5.3.2, Jira versions older than 9.17.1, and Jira Service Management versions earlier than 5.17.1.
- Notable vulnerabilities include CVE-2024-21689 in Bamboo, which affects both the Data Center and Server editions, and CVE-2024-37768 in Jira, which could allow unauthorized users to gain elevated permissions.
- Issues with resource management in integrated libraries, such as Bouncy Castle, could lead to performance degradation or service disruptions. Upgrading to the latest versions of these libraries is essential for maintaining system stability.
- Vulnerabilities in components like Apache Tomcat affect many Atlassian products, with potential impacts including service disruptions and breaches of system integrity. Regular updates to these components are necessary to prevent exploitation.
- Critical vulnerabilities in Confluence could expose sensitive data, including internal communications and documents. Organizations must update their systems to protect against potential data breaches.
- The exploitation of past vulnerabilities highlights the need for continuous security monitoring. Regular security assessments, prompt patching, and proactive measures are essential for protecting against both new and existing threats.
Overview
CERT-In has added several critical Atlassian vulnerabilities to its catalog following their disclosure by the organization in its August 2024 Security Bulletin. These vulnerabilities target a range of Atlassian products, including Bamboo, Confluence, and more. This analysis aims to examine these vulnerabilities thoroughly, detailing their potential impacts, associated risks, and recommended mitigation strategies.
The August 2024 Security Bulletin from Atlassian addresses nine high-severity vulnerabilities that have been fixed in recent product updates. These vulnerabilities were identified through the company's Bug Bounty program, penetration testing, and third-party library scans.
The organization noted that the vulnerabilities listed in the August 2024 bulletin are less critical than those published in Critical Security Advisories, which may require immediate patches outside of the regular monthly schedule.
Multiple Atlassian Vulnerabilities Target Products and Services
CERT-In's Vulnerability Note CIVN-2024-0258, issued on August 21, 2024, highlights multiple high-severity vulnerabilities across various Atlassian products, including Bamboo Data Center and Server, Confluence Data Center and Server, Crowd Data Center and Server, Jira Data Center and Server, and Jira Service Management Data Center and Server.
These vulnerabilities, affecting versions prior to 9.6.5 for Bamboo, 8.9.5 for Confluence, 5.3.2 for Crowd, 9.17.1 for Jira, and 5.17.1 for Jira Service Management, could allow attackers to execute arbitrary code, perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks, exploit server-side request forgery (SSRF), access sensitive information, or cause denial of service (DoS).
CVE-2024-21689: High-Risk Vulnerability in Atlassian Bamboo
Atlassian Bamboo, a popular continuous integration and deployment tool, has been identified with a severe vulnerability cataloged as CVE-2024-21689. This flaw affects both the Bamboo Data Center and Bamboo Server editions, posing a risk to organizations that rely on these platforms for their CI/CD pipelines.
The vulnerability concerns a critical function within Bamboo, although specific details about the nature of the flaw remain limited. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.6, categorizing it as high-risk. Given Bamboo's central role in automating software build and deployment processes, the potential impact of this vulnerability is substantial. Exploiting this flaw could lead to unauthorized access, data breaches, or disruptions in deployment workflows.
To mitigate the associated risks, organizations using affected versions of Bamboo are strongly advised to upgrade to the latest release. Atlassian has addressed this issue in recent updates, which include critical security patches to close the identified vulnerabilities.
CVE-2024-29857: Resource Exhaustion Vulnerability in Bouncy Castle
Bouncy Castle, a widely used cryptographic library that integrates with various Atlassian products, has been identified with a notable vulnerability cataloged as CVE-2024-29857. This flaw affects Bouncy Castle versions up to 1.77 and relates to the handling of limited resources within the library. It can lead to resource exhaustion, which may disrupt service operations or degrade performance.
Organizations using Bouncy Castle in their Atlassian environments should prioritize upgrading to version 1.78, which includes critical fixes to address the resource exhaustion. Upgrading to the latest version will help ensure the cryptographic library operates efficiently and securely within integrated systems.
CVE-2024-34750: Vulnerability in Apache Tomcat Affecting Atlassian Products
Apache Tomcat, a popular open-source implementation of Java Servlets, is another component affected by critical vulnerabilities associated with Atlassian products. The vulnerability cataloged as CVE-2024-34750 affects Apache Tomcat versions 9.0.89, 10.1.24, and 11.0.0-M20. Specifically, this flaw relates to the HTTP/2 stream handler component, which is responsible for managing HTTP/2 connections.
The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.5, categorizing it as a moderate risk. The potential impact of this flaw includes service disruptions and potential compromise of system integrity. Given that Apache Tomcat serves as a critical component for web applications and services in many Atlassian products, this vulnerability represents a significant security concern.
Organizations should upgrade to Apache Tomcat versions 9.0.90, 10.1.25, or 11.0.0-M21 to address this issue. These versions contain security patches and updates that mitigate the identified vulnerability. By applying these updates, organizations can improve the stability and security of their web application environments, reducing the risk of exploitation.
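As an added example (not part of this article, nor tooling from Atlassian, CERT-In or Cyble), the following Python script compares an inventory of installed versions against the fix versions quoted above: the five Atlassian products from CIVN-2024-0258 (anything older than the fix version is affected) and the three Apache Tomcat branches from the CVE-2024-34750 section. It parses milestone-style versions such as 11.0.0-M20 so that they compare correctly against both 11.0.0-M21 and a final 11.0.0. The sample inventory, the function names and the status labels are this example's own assumptions; only the version numbers come from the text.

```python
"""Check an inventory of installed versions against the fix versions quoted
in CERT-In note CIVN-2024-0258 and the CVE-2024-34750 Tomcat section.
Added example; the inventory below is constructed, not a real deployment."""
import re

# Fix versions for Atlassian products (from the advisory text): anything older is affected.
ATLASSIAN_FIXED = {
    "Bamboo": "9.6.5",
    "Confluence": "8.9.5",
    "Crowd": "5.3.2",
    "Jira": "9.17.1",
    "Jira Service Management": "5.17.1",
}

# Apache Tomcat for CVE-2024-34750: the releases named as affected, and the fixed
# release on each branch.
TOMCAT_AFFECTED = {"9.0.89", "10.1.24", "11.0.0-M20"}
TOMCAT_FIXED_BY_BRANCH = {(9, 0): "9.0.90", (10, 1): "10.1.25", (11, 0): "11.0.0-M21"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?")


def parse_version(text):
    """Turn '9.6.4' or '11.0.0-M20' into a comparable tuple.

    A milestone build (-Mn) sorts before the final release of the same number,
    so 11.0.0-M20 < 11.0.0-M21 < 11.0.0.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, milestone = m.groups()
    is_final = 1 if milestone is None else 0
    return (int(major), int(minor), int(patch), is_final, int(milestone or 0))


def atlassian_status(product, version):
    """'affected' when older than the fix version for that product, else 'fixed'."""
    fixed = ATLASSIAN_FIXED.get(product)
    if fixed is None:
        return "unknown product"
    return "affected" if parse_version(version) < parse_version(fixed) else "fixed"


def tomcat_status(version):
    """Classify a Tomcat version against the releases named in the advisory."""
    if version in TOMCAT_AFFECTED:
        return "affected"
    parsed = parse_version(version)
    fixed = TOMCAT_FIXED_BY_BRANCH.get(parsed[:2])
    if fixed is None:
        return "unlisted branch"
    if parsed >= parse_version(fixed):
        return "fixed"
    # Older than the named affected release on a covered branch: not in the
    # advisory's list, so it needs a separate check rather than a guess.
    return "older than affected release; verify against the Tomcat advisory"


def check_inventory(inventory):
    """inventory: iterable of (product, version). Returns (product, version, status) triples."""
    results = []
    for product, version in inventory:
        if product == "Apache Tomcat":
            status = tomcat_status(version)
        else:
            status = atlassian_status(product, version)
        results.append((product, version, status))
    return results


# Constructed sample inventory (hypothetical; not from the article or any real site).
SAMPLE_INVENTORY = [
    ("Bamboo", "9.6.4"),
    ("Confluence", "8.9.5"),
    ("Crowd", "5.2.9"),
    ("Jira", "9.17.1"),
    ("Jira Service Management", "5.16.2"),
    ("Apache Tomcat", "11.0.0-M20"),
    ("Apache Tomcat", "10.1.25"),
]

if __name__ == "__main__":
    for product, version, status in check_inventory(SAMPLE_INVENTORY):
        print(f"{product:24} {version:12} {status}")
```

Because the bulletin states the Atlassian fixes as "versions prior to X", the comparison treats the fix version itself as patched; for Tomcat the advisory names exact affected releases, so the script reports those explicitly and sends anything older on the same branch back to the Tomcat advisory instead of guessing.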
CVE-2024-37768: Privilege Escalation in Atlassian Jira
Atlassian Jira, a leading issue and project tracking tool, has also been affected by a critical vulnerability cataloged as CVE-2024-37768. This flaw presents a privilege escalation issue, potentially allowing unauthorized users to gain elevated permissions within the Jira system. The vulnerability affects multiple versions of Jira, making it a widespread concern for organizations that use the tool for project management and tracking.
The Common Vulnerability Scoring System (CVSS) score for CVE-2024-37768 is 9.1, indicating a high level of risk. Exploitation of this privilege escalation flaw could lead to unauthorized access to sensitive information, unauthorized modifications to projects, or disruption of project management workflows.
To address this vulnerability, organizations should upgrade to the latest versions of Jira. Atlassian has released security patches and updates to remediate this issue, ensuring that users with the appropriate privileges are properly authenticated and authorized. Implementing these updates will help secure Jira environments against potential cyber attacks and maintain the integrity of project management processes.
CVE-2024-40859: Information Disclosure in Atlassian Confluence
Confluence, another widely used Atlassian product, has been identified with a vulnerability cataloged as CVE-2024-40859. This vulnerability relates to information disclosure, which could potentially expose sensitive data to unauthorized individuals. The affected versions of Confluence span multiple releases, making it a critical concern for organizations that rely on Confluence for collaborative work and knowledge management.
The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.5, categorizing it as high-risk. The potential impact of this information disclosure flaw includes unauthorized access to confidential documents, internal communications, and other sensitive information.
Previous Instances of Exploitation
Apart from these Atlassian vulnerabilities, the organization faced exploitation of an earlier RCE vulnerability (CVE-2023-22527). In January 2024, Cyble Research and Intelligence Labs (CRIL) reported on this critical flaw. CRIL reported that active exploitation attempts of this vulnerability began on January 26, 2024.
Cyble's Global Sensor Intelligence (CGSI) network observed scanning activity targeting Confluence instances in various countries, including the United States, Germany, and China. Over 4,000 exposed Confluence instances were identified, with significant numbers in the U.S., Germany, China, and Russia.
To address the vulnerability, Atlassian recommended updating Confluence Data Center and Server to the latest versions: 8.5.5 (LTS), or 8.7.2 for Data Center only. Organizations were advised to conduct regular security audits, apply patches promptly, and implement network segmentation to mitigate risk.
The vulnerability stemmed from flaws in the text-inline.vm Velocity template, which allowed attackers to bypass security constraints and execute OGNL expressions beyond the standard 200-character limit. Further information was provided through Atlassian's security advisory and resources from cybersecurity experts such as Picus Security and ProjectDiscovery.
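Because the CVE-2023-22527 exploitation described above went through requests for the text-inline.vm template, a defender reviewing a Confluence instance for that period would want to know which sources requested that template and whether the server actually served it. The following Python scanner is an added example (not from this article, Atlassian or Cyble) that reads Tomcat-style access-log lines, picks out requests whose path names text-inline.vm, and summarizes them per source with a count of HTTP 200 responses. The log lines, the source addresses and the /template/aui/ path prefix are constructed for the example; only the template file name comes from the text, and it is matched on the file name alone so the prefix assumption does not matter.

```python
"""Summarize access-log requests for the text-inline.vm Velocity template
by source address and response status. Added example with constructed log
lines; the /template/aui/ prefix is an assumption, matching is by file name."""
import re
from collections import Counter

# Constructed Tomcat/Confluence-style access log (hypothetical addresses and times).
SAMPLE_LOG = """\
203.0.113.10 - - [26/Jan/2024:03:14:07 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 200 1843
198.51.100.7 - - [26/Jan/2024:03:14:09 +0000] "GET /login.action HTTP/1.1" 200 5120
203.0.113.10 - - [26/Jan/2024:03:14:12 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 200 1901
192.0.2.55 - - [26/Jan/2024:03:15:40 +0000] "GET /rest/api/content?limit=25 HTTP/1.1" 200 9044
198.51.100.7 - - [26/Jan/2024:03:16:02 +0000] "GET /template/aui/text-inline.vm HTTP/1.1" 404 0
"""

# Common log format: source, identity, user, [timestamp], "METHOD path protocol", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
TEMPLATE_NAME = "text-inline.vm"


def parse_line(line):
    """Return the log fields as a dict, or None for a line that is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_template_requests(log_text):
    """Return parsed entries whose request path (query string excluded) names the template."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        path_only = entry["path"].split("?", 1)[0].lower()
        if TEMPLATE_NAME in path_only:
            hits.append(entry)
    return hits


def summarize(hits):
    """Per source: total template requests and how many were answered with 200.

    A served template (200) deserves more attention than a 404, since the
    former means the instance actually processed the request.
    """
    per_source = Counter(h["src"] for h in hits)
    served = Counter(h["src"] for h in hits if h["status"] == "200")
    return {
        src: {"requests": total, "served_200": served.get(src, 0)}
        for src, total in per_source.items()
    }


if __name__ == "__main__":
    template_hits = find_template_requests(SAMPLE_LOG)
    for src, counts in summarize(template_hits).items():
        print(f"{src:16} requests={counts['requests']} served_200={counts['served_200']}")
```

Run against a real access log, the summary is a triage list rather than a verdict: a source with repeated, successfully served requests for the template on an instance that was below 8.5.5 or 8.7.2 at the time is the case to escalate, while a single 404 usually reflects scanning of an already patched or non-vulnerable host.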
Mitigation Strategies and Recommendations
To address the vulnerabilities identified in Atlassian products, organizations should begin by upgrading to the latest versions of the software. These updates include critical security patches and fixes for the vulnerabilities in question. It is essential for organizations to check for these updates regularly and apply them promptly to maintain protection against potential threats.
In addition to software updates, implementing comprehensive security best practices is essential. Organizations should monitor for unusual activity, configure robust access controls, and enforce strong authentication mechanisms to strengthen their overall security posture. These measures help prevent unauthorized access and mitigate the risk of exploitation.
Regular security assessments and vulnerability scans are also recommended to proactively identify and address potential security issues. Engaging security professionals for periodic reviews can provide valuable insights and help organizations stay ahead of emerging threats.
Staff education and training play a crucial role in maintaining security. Ensuring that employees are aware of the risks associated with vulnerabilities and are trained in best practices for using Atlassian products can significantly reduce the likelihood of security breaches.
Finally, organizations should establish effective backup and recovery plans. These plans are essential for safeguarding against data loss and ensuring business continuity in the event of a security incident or exploitation of vulnerabilities. By preparing for potential issues, organizations can recover quickly and minimize disruption.
Conclusion
The recent cataloging of critical Atlassian vulnerabilities by CERT-In highlights the urgent need for organizations to prioritize security updates. The August 2024 bulletin revealed critical flaws across various Atlassian products, each posing substantial risks such as unauthorized access, service disruptions, and data exposure. While these vulnerabilities are severe, they are manageable with timely updates and robust security practices.
Organizations are advised to promptly upgrade their affected systems, apply the required patches, and implement comprehensive security measures. Regular assessments and proactive patch management will help safeguard against these vulnerabilities and strengthen overall security posture, ensuring resilience against potential threats and maintaining operational integrity.