The Australian software company Atlassian has issued an important warning about a critical security flaw, tracked as CVE-2023-22518, that affects Confluence Data Center and Server. The flaw can lead to significant data loss if it is exploited by an unauthorized attacker. With a CVSS score of 9.1 out of 10, the vulnerability falls into the "improper authorization vulnerability" category.
Scope of the CVE-2023-22518 Vulnerability
The impact of CVE-2023-22518 is far-reaching: it affects all versions of Confluence Data Center and Server. To address the issue, Atlassian has released specific versions that mitigate the flaw. It is critical that users update their Confluence instances to one of the following versions:
- Version 7.19.16 or later
- Version 8.3.4 or later
- Version 8.4.4 or later
- Version 8.5.3 or later
- Version 8.6.1 or later
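As an added example (not from Atlassian or the original article), this Python script triages an inventory of Confluence Data Center and Server versions against the fixed releases listed above. It assumes that "or later" applies within each release line and that lines newer than 8.6 carry the fix; the function names and the sample inventory are constructed for illustration.

```python
# Fixed releases listed in this article, keyed by release line (major, minor).
FIXED = {
    (7, 19): (7, 19, 16),
    (8, 3): (8, 3, 4),
    (8, 4): (8, 4, 4),
    (8, 5): (8, 5, 3),
    (8, 6): (8, 6, 1),
}
NEWEST_FIXED = max(FIXED.values())

def parse_version(text):
    """Parse 'major.minor[.patch]' into a 3-tuple of ints."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(version_text):
    """Classify one installed version against the article's fixed releases."""
    v = parse_version(version_text)
    line = v[:2]
    if line in FIXED:
        # Same release line: compare against that line's fixed release.
        return "patched" if v >= FIXED[line] else "upgrade-in-line"
    # Assumption: release lines newer than the newest fixed line include the fix.
    if v > NEWEST_FIXED:
        return "patched"
    # Any other line has no fixed release in the list, so it must move lines.
    return "move-to-fixed-line"

def report(inventory):
    """Map each host in the inventory to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "wiki-a.example.internal": "7.19.15",
    "wiki-b.example.internal": "7.19.16",
    "wiki-c.example.internal": "8.0.4",
    "wiki-d.example.internal": "8.6.0",
    "wiki-e.example.internal": "8.7.1",
}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `move-to-fixed-line` run a release line with no fixed version in the list, which matches the article's advice for versions outside the support window.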
Although the severity of this vulnerability is notable, Atlassian gives assurance that it has no impact on confidentiality. This means that even if the flaw is exploited, an attacker cannot exfiltrate any instance data. This important distinction offers some peace of mind to users who may be worried about the possible consequences of exploitation.
CVE-2023-22518 Details: A New Critical Flaw
Atlassian has chosen to withhold certain information about the nature of the flaw and the methods adversaries might use to exploit it. This cautious approach is intended to keep threat actors from taking advantage of the flaw's details, thereby protecting users until the fix has been widely applied.
Immediate Action Is Essential
In response to the identification of this vulnerability, Atlassian is urging its customers to take immediate action to protect their Confluence instances. In particular, instances that are accessible from the public internet should be temporarily disconnected until the appropriate patch has been applied. In addition, users running Confluence versions that are outside the support window are strongly advised to upgrade to a fixed version.
The Role of Atlassian Cloud Sites
Atlassian offers a silver lining by confirming that Atlassian Cloud sites remain unaffected by CVE-2023-22518. This underlines the value of cloud-based solutions in reducing certain cybersecurity risks.
A Firm Stance in the Face of Potential Threats
Although there is currently no evidence of active exploitation of this vulnerability in the wild, Atlassian stresses the need for a firm stance toward potential threats. It is worth noting that previous vulnerabilities in Atlassian software have been weaponized by threat actors, which underlines the importance of staying ahead of emerging risks.
Atlassian's Commitment to User Safety
Atlassian's swift response to the security flaw identified in Confluence Data Center and Server shows the company's unwavering commitment to user safety. The call for immediate action, together with the assurance about data confidentiality, highlights the collaborative effort needed between software vendors and users to strengthen digital defenses against evolving cyber threats.
Conclusion
In a rapidly changing digital landscape, vigilance on the part of software vendors and users alike is essential for guarding against potential threats. Atlassian's swift and responsible response to the CVE-2023-22518 security flaw is an example of the proactive approach needed to maintain a secure environment. As this critical vulnerability underlines, cyber threats do not stand still but keep adapting to exploit weaknesses. Staying informed, updating software regularly, and addressing security vulnerabilities promptly are therefore essential parts of maintaining a strong cybersecurity posture.
Atlassian's commitment to user safety is commendable, because it not only fixes the flaw but also reassures users about data confidentiality. This reflects a joint effort between software vendors and their users and underlines that security is a shared responsibility. The swift action taken by Atlassian serves as an important reminder that the digital world requires constant vigilance, since potential threats may be lurking around the corner.
In closing, as users of digital technology, our role in maintaining cybersecurity should not be taken lightly. Staying active, informed, and responsive to emerging threats is essential. The way Atlassian has handled CVE-2023-22518 serves as a reminder that by working together and staying committed to security, we can strengthen our digital defenses and navigate the ever-changing cybersecurity landscape with confidence and resilience.