Kambani yeAustralia software yeAtlassian yakapa yambiro yakakosha ine chekuita nekukanganisika kwekuchengetedza, yakateverwa seCVE-2023-22518, inobata Confluence Data Center uye Server. Kukanganisa uku kune mukana wekutungamira mukurasikirwa kukuru kwedata kana ikashandiswa neanorwisa asina mvumo. Iine yakakwira CVSS mamakisi e9.1 kubva pagumi, kusagadzikana uku kunowira pasi pechikamu che "zvisina kufanira mvumo yekusagadzikana."
Chikamu cheCVE-2023-22518 Vulnerability
Mhedzisiro yeCVE-2023-22518 inosvika kure, inobata shanduro dzese dze Confluence Data Center uye Server. Kugadzirisa nyaya iyi, Atlassian yakakurumidza kuburitsa mavhezheni anodzora chikanganiso. Izvo zvakanyanya kukosha kuti vashandisi vagadzirise yavo Confluence zviitiko kune imwe yeinotevera shanduro:
- Shanduro 7.19.16 kana kuti gare gare
- Shanduro 8.3.4 kana kuti gare gare
- Shanduro 8.4.4 kana kuti gare gare
- Shanduro 8.5.3 kana kuti gare gare
- Shanduro 8.6.1 kana kuti gare gare
Nepo huipi hwekusagadzikana uku huchizivikanwa, Atlassian inopa simbiso yekuti haina kukanganisa kuvanzika. Izvi zvinoreva kuti kunyangwe ikashandiswa, anorwisa haakwanise kuburitsa chero chiitiko data. Musiyano wakakosha uyu unopa runyararo rwepfungwa kune vashandisi vanogona kunge vachinetsekana nemhedzisiro inogona kuitika mukubiridzira.
Details of CVE-2023-22518: A New Critical Flaw
Atlassian yasarudza kuramba ruzivo rwakakwana maererano nemhando ye kukanganisa uye nzira dzingashandiswa nevavengi kuti vazvishandise. Iyi nzira yekuchenjerera yakanangana nekudzivirira vanotyisidzira kubva kutora mukana wezvakakanganiswa, nekudaro kuchengetedza vashandisi kudzamara zvigamba zvashandiswa zvakanyanya.
Chiito Chapakarepo Chinokosha
Mukupindura kuratidzwa kwekusagadzikana uku, Atlassian iri kukurudzira vatengi vayo kuti vatore danho rekukasika kuchengetedza zviitiko zvavo zveConfluence. Kunyanya, zviitiko zvinosvikika kuburikidza neinternet yeruzhinji zvinofanirwa kubviswa kwenguva kusvika chigamba chakakodzera chaiswa. Pamusoro pezvo, vashandisi vanomhanyisa mavhezheni eConfluence ari kunze kwehwindo rekutsigira vanorayirwa zvakasimba kuti vakwidziridze kune yakagadziriswa vhezheni.
Basa reAtlassian Cloud Sites
Atlassian inopa silver lining nekusimbisa kuti Atlassian Cloud nzvimbo dzinoramba dzisina kubatwa neiyo CVE-2023-22518 yakaonekwa. Izvi zvinosimbisa kukosha kwemafu-based solutions mukudzikamisa dzimwe njodzi dzecybersecurity.
Proactive Stance Pakutarisana Nezvinongogona Kutyisidzira
Nepo pari zvino pasina humbowo hwekushandisa zvine hungwaru kwekusagadzikana uku musango, Atlassian inosimbisa kukosha kwechimiro chekutarisana nekutyisidzira kunogona kuitika. Izvo zvakakosha kuti uzive kuti kusadzivirirwa kwekare muAtlassian software yakashongedzwa nevatambi vekutyisidzira, zvichisimbisa kukosha kwekugara pamberi penjodzi dziri kubuda.
Kuzvipira kweAtlassian kune Kuchengetedzwa Kwemushandisi
Mhinduro yekukurumidza yeAtlassian kune yakaonekwa kuchengetedza kukanganisa muConfluence Data Center uye Server inoratidza kuzvipira kusingazungunuke kwekambani kuchengetedza mushandisi. Iko kushevedzwa kwechiito chekukurumidza, pamwe nekuvimbiswa kwekuvanzika kwedata, kunosimbisa kuedza kwekubatana kunodiwa pakati pevanopa software nevashandisi kusimbisa dziviriro yedhijitari kubva mukutyisidzira kwecyber.
mhedziso
Munzvimbo inokurumidza kubuda yedhijitari, kusvinurira kwevanopa software nevashandisi zvakafanana kwakakosha mukuchengetedza kubva kune zvinogona kutyisidzira. Mhinduro yeAtlassian inokurumidza uye ine mutoro kune CVE-2023-22518 chengetedzo chikanganiso chinoenzanisira maitiro ekuita anodiwa kuchengetedza nharaunda yakachengeteka. Sezvo kusadzivirirwa uku kunosimbisa, kutyisidzira kwecyber hakuna kumira asi kunogara kuchienderana nekushandisa kushaya simba. Naizvozvo, kugara uine ruzivo, kugara uchivandudza software, uye nekukasira kugadzirisa kusadzivirirwa zvinhu zvakakosha zvekuchengetedza yakasimba cybersecurity chimiro.
Kuzvipira kweAtlassian kukuchengetedza mushandisi kunorumbidzwa, sezvo isingangogadzirise kukanganisa chete asiwo inosimbisa vashandisi nezve kuvanzika kwedata. Izvi zvinoratidza kushanda nesimba pakati pevanopa software nevashandisi vavo, zvichisimbisa kuti kuchengetedza ibasa rakagovaniswa. Chiito chekukurumidza chakatorwa neAtlassian chinoshanda sechiyeuchidzo chakakosha chekuti nyika yedhijitari inoda kugara yakasvinura, sezvo kutyisidzira kunogona kuvanda kukona.
Mukupedzisa, sevashandisi vetekinoroji yedhijitari, basa redu mukuchengetedza cybersecurity harifanirwe kurerutswa. Kuramba uchishanda, uine ruzivo, uye uchipindura kune kutyisidzira kuri kubuda kwakakosha. Mabatiro aAtlassian eCVE-2023-22518 anoshanda sechiyeuchidzo chekuti nekushanda pamwechete uye kuramba takazvipira kuchengetedzeka, tinogona kusimbisa dziviriro yedu yedhijitari uye kufamba-famba munzvimbo inogara ichichinja yecybersecurity nechivimbo uye nekusimba.