CVE-2023-22523, CVE-2022-1471, 2023-22524, 2023-22522

CVE-2023-22523, CVE-2022-1471, CVE-2023-22524, and CVE-2023-22522: Four Critical RCE Vulnerabilities Impacting Multiple Atlassian Products

Find Arctic Wolf’s recommendations for CVE-2023-22523, CVE-2022-1471, CVE-2023-22524, & CVE-2023-22522.

On Tuesday, 5 December 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence Server and Data Center. The vulnerabilities were discovered by Atlassian as part of a security review and have not been actively exploited by threat actors. Additionally, we have not observed a public proof of concept (PoC) exploit published for any of the vulnerabilities. ?

Threat actors have historically targeted Atlassian vulnerabilities in products impacted by the four vulnerabilities described below to achieve actions on objectives, including and the deployment of ransomware. In November 2023, two recent critical vulnerabilities in Atlassian Confluence Data Center and Server ( and ) were targeted by threat actors for exploitation. Based on these precedents, we assess that threat actors are also likely to attempt exploitation in the near term of one or more of the new vulnerabilities described in this bulletin.??

Vulnerabilities?

?	CVSS: 9.8 – Critical?	No Active Exploitation Observed?
Remote Code Execution – A remote threat actor can target the area between the Assets Discovery application and Assets Discovery agent to perform privileged RCE on machines where the Assets Discovery agent is installed.?

?	CVSS: 9.8 – Critical?	No Active Exploitation Observed?
Remote Code Execution – A remote threat actor can exploit a deserialisation flaw in the SnakeYAML library for Java (used by multiple Atlassian products) which can lead to RCE.?

CVSS: 9.6 – Critical?

No Active Exploitation Observed?

Remote Code Execution – A remote threat actor can bypass Atlassian Companion��s blocklist and MacOS Gatekeeper by leveraging WebSockets.?

Note: This vulnerability only affects the Atlassian Companion App for MacOS.?

CVSS: 9.0 – Critical?

No Active Exploitation Observed?

Remote Code Execution – An anonymous authenticated threat actor can inject specifically crafted user input into a Confluence page.?

Note: Atlassian cloud sites (sites accessed via an atlassian.net domain) are not affected by this vulnerability.?

Recommendations CVE-2023-22523, CVE-2022-1471, CVE-2023-22524, and CVE-2023-22522

Apply the Available Security Patches to Applicable Products

Atlassian released security patches for all impacted products. We recommend applying the latest relevant security patches to impacted products to mitigate the vulnerabilities and prevent potential exploitation.??

Affected and Fixed Products/Versions

Product?	Affected Version(s)?	Fixed Version(s)?	Vulnerability?
Atlassian Companion App (MacOS)?	All versions < 2.0.0?	2.0.0 or later?	CVE-2023-22524?
Jira Service Management Cloud (Assets Discovery Component)?	Insight Discovery 1.0 – 3.1.3? Assets Discovery 3.1.4 – 3.1.7? Assets Discovery 3.1.8-cloud – 3.1.11-cloud?	Assets Discovery 3.2.0-cloud or later?	CVE-2023-22523?
Jira Service Management Data Center and Server (Assets Discovery Component)?	Insight Discovery 1.0 – 3.1.7? Assets Discovery 3.1.9 – 3.1.11? Assets Discovery 6.0.0 – 6.1.14, 6.1.14-jira-dc-8?	Assets Discovery 6.2.0 or later?	CVE-2023-22523?
Confluence Data Center and Server?	All versions including and after 4.0.0?	7.19.17 (LTS)? 8.4.5? 8.5.4 (LTS)? 8.6.2 or later (Data Center Only)? 8.7.1 or later (Data Center Only)?	CVE-2023-22522, CVE-2022-1471?
Automation for Jira (A4J) – Marketplace App & Server Lite Marketplace App?	9.0.1? 9.0.0? <= 8.2.2?	9.0.2? 8.2.4?	CVE-2022-1471?
Bitbucket Data Center and Server?	Several versions between 7.17.x – 8.12.0?	7.21.16 (LTS)? 8.8.7? 8.9.4 (LTS)? 8.10.4?? 8.11.3?? 8.12.1?? 8.13.0? 8.14.0? 8.15.0?(Data Center Only)? 8.16.0?(Data Center Only)?	CVE-2022-1471?
Confluence Cloud Migration App (CCMA)?	Plugin versions lower than 3.4.0.?	3.4.0?	CVE-2022-1471?
Jira Core/Software Data Center and Server?	Several versions between 9.4.0 – 9.11.1?	9.11.2? 9.12.0 (LTS)? 9.4.14 (LTS)?	CVE-2022-1471?
Jira Service Management Data Center and Server?	Several versions between 5.4.0 – 5.11.1?	5.11.2?? 5.12.0 (LTS)? 5.4.14 (LTS)?	CVE-2022-1471?

Please follow your organisations patching and testing guidelines to avoid operational impact.?

Workarounds

If your organisation is not able to apply the relevant security patches, we recommend following Atlassian��s provided workarounds until able to do so. ?

Affected Product?	Mitigation?
Confluence Data Center and Sever?	Back up instance and remove it from the internet until you are able to patch.?
Atlassian Companion App (MacOS)?	Uninstall the Atlassian Companion App.?
Jira Service Management Cloud Jira Service Management Data Center and Server?	Uninstall agents. If that is not possible, users may block the port used for communication with agents (the default port is 51337).? Note: This temporary mitigation is not a replacement for uninstalling the agents.?
Automation for Jira (A4J) – Marketplace App & Server Lite Marketplace App Bitbucket Data Center and Server Jira Core/Software Data Center and Server Jira Service Management Data Center and Server?	Upgrade to a fixed version via the Universal Plugin Manager (UPM).?

? 2026 ��. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

������

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Security Bulletins

Microsoft Patch Tuesday: April 2026?

CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS

CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

Company

Careers

Press

CVE-2023-22523, CVE-2022-1471, CVE-2023-22524, and CVE-2023-22522: Four Critical RCE Vulnerabilities Impacting Multiple Atlassian Products

Vulnerabilities?

Recommendations CVE-2023-22523, CVE-2022-1471, CVE-2023-22524, and CVE-2023-22522

Apply the Available Security Patches to Applicable Products

Affected and Fixed Products/Versions

Workarounds

References

Popular Topics

Share this post:

What to read next

6 min read

Microsoft Patch Tuesday: April 2026

2 min read

CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

4 min read

Supply Chain Attack Impacts Widely Used Axios npm Package

2 min read

CVE-2025-53521: F5 BIG-IP APM Vulnerability Reclassified as Unauthenticated RCE and Exploited in the Wild

Earl Grey House 77 Grey St. 3rd Floor Newcastle upon TyneNE1?6EF UK

? 2026 ������. All Rights Reserved.

��

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1?6EF
UK

? 2026 ��. All Rights Reserved.