Ambientia's response to Atlassian CVE-2022-43782 (Crowd) and CVE-2022-43781 (Bitbucket Server)
Incident Report for Ambientia
Resolved
This incident has been resolved.
Posted Nov 21, 2022 - 08:11 EET
Monitoring
On the 16th of November at 20:00 EET, Atlassian released two new security advisories, one concerning Atlassian Crowd and one concerning Atlassian Bitbucket Server. Both vulnerabilities are rated as "critical" by Atlassian.

We have carefully assessed the impact of these vulnerabilities on Ambientia-managed Crowd and Bitbucket installations and have concluded that there is no immediate risk of exploitation. Out of an abundance of caution, we have decided to implement the Atlassian-suggested mitigations on all Ambientia-managed Atlassian Crowd installations.

However, Ambientia strongly recommends addressing these vulnerabilities by upgrading to a fixed version of the software, as additional attack vectors might come up or the mitigations might be rendered ineffective. If you are an Ambientia customer using either of these products, we will be in touch with you shortly to agree on a timeline for implementing the upgrade.

We are monitoring the situation actively and are prepared to act on it if such a need arises.

As always, should you have any questions regarding this vulnerability, please get in touch with our Service Desk.

For more information about the vulnerabilities, please review Atlassian's official security advisories here: https://confluence.atlassian.com/security/november-2022-atlassian-security-advisories-overview-1167844594.html
Posted Nov 17, 2022 - 14:11 EET