{"id":2437,"date":"2023-12-23T21:30:10","date_gmt":"2023-12-23T21:30:10","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=2437"},"modified":"2023-12-23T21:31:58","modified_gmt":"2023-12-23T21:31:58","slug":"cap-nhat-bao-mat-quan-trong-atlassian-khac-phuc-lo-hong-nghiem-trong-trong-nhieu-san-pham","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/vi\/tin-tuc\/cap-nhat-bao-mat-quan-trong-atlassian-khac-phuc-lo-hong-nghiem-trong-trong-nhieu-san-pham\/","title":{"rendered":"B\u1ea3n c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt quan tr\u1ecdng: Atlassian v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng trong nhi\u1ec1u s\u1ea3n ph\u1ea9m"},"content":{"rendered":"

Atlassian, m\u1ed9t c\u00f4ng ty n\u1ed5i ti\u1ebfng v\u1edbi vi\u1ec7c t\u1ea1o ra c\u00e1c c\u00f4ng c\u1ee5 c\u1ed9ng t\u00e1c nh\u00f3m v\u00e0 ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m, g\u1ea7n \u0111\u00e2y \u0111\u00e3
\u0111\u00e3 \u0111\u01b0a ra c\u00e1c c\u1ea3nh b\u00e1o b\u1ea3o m\u1eadt quan tr\u1ecdng cho m\u1ed9t s\u1ed1 s\u1ea3n ph\u1ea9m c\u1ee7a m\u00ecnh. Nh\u1eefng c\u1ea3nh b\u00e1o n\u00e0y l\u00e0 v\u1ec1 nh\u1eefng \u0111i\u1ec3m y\u1ebfu trong
ph\u1ea7n m\u1ec1m c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb x\u1ea5u \u0111\u1ed9t nh\u1eadp v\u00e0o h\u1ec7 th\u1ed1ng s\u1eed d\u1ee5ng c\u00e1c s\u1ea3n ph\u1ea9m n\u00e0y.
Sau \u0111\u00e2y l\u00e0 nh\u1eefng \u0111i\u1ec3m ch\u00ednh:<\/p>\n\n\n\n

    \n
  1. S\u1ef1 c\u1ed1 v\u1ec1 Trung t\u00e2m d\u1eef li\u1ec7u v\u00e0 m\u00e1y ch\u1ee7 Confluence (CVE-2023-22522): C\u00f3 m\u1ed9t s\u1ef1 c\u1ed1 nghi\u00eam tr\u1ecdng trong c\u00e1c phi\u00ean b\u1ea3n 7.14.1 \u0111\u1ebfn 7.19.4 c\u1ee7a
    Confluence Data Center v\u00e0 Server c\u00f3 th\u1ec3 cho ph\u00e9p tin t\u1eb7c ki\u1ec3m so\u00e1t c\u00e1c h\u1ec7 th\u1ed1ng n\u00e0y t\u1eeb xa. Atlassian \u0111\u00e3 kh\u1eafc ph\u1ee5c \u0111i\u1ec1u n\u00e0y b\u1eb1ng
    b\u1ea3n c\u1eadp nh\u1eadt m\u1edbi v\u00e0 h\u1ecd khuy\u1ebfn c\u00e1o m\u1ea1nh m\u1ebd r\u1eb1ng m\u1ecdi ng\u01b0\u1eddi s\u1eed d\u1ee5ng c\u00e1c phi\u00ean b\u1ea3n n\u00e0y n\u00ean c\u1eadp nh\u1eadt ph\u1ea7n m\u1ec1m ngay l\u1eadp t\u1ee9c.<\/li>\n\n\n\n
  2. S\u1ef1 c\u1ed1 \u1ee9ng d\u1ee5ng Atlassian Companion cho macOS (CVE-2023-22524): M\u1ed9t s\u1ef1 c\u1ed1 t\u01b0\u01a1ng t\u1ef1 \u0111\u00e3 \u0111\u01b0\u1ee3c t\u00ecm th\u1ea5y trong Atlassian
    \u1ee8ng d\u1ee5ng Companion d\u00e0nh cho macOS, phi\u00ean b\u1ea3n 7.14.0 \u0111\u1ebfn 7.20.0. M\u1ed9t l\u1ea7n n\u1eefa, c\u00f3 b\u1ea3n v\u00e1 l\u1ed7i kh\u1ea3 d\u1ee5ng v\u00e0 ng\u01b0\u1eddi d\u00f9ng n\u00ean c\u1eadp nh\u1eadt \u1ee9ng d\u1ee5ng c\u1ee7a h\u1ecd l\u00ean
    phi\u00ean b\u1ea3n m\u1edbi nh\u1ea5t ngay khi c\u00f3 th\u1ec3.<\/li>\n\n\n\n
  3. L\u1ed7 h\u1ed5ng Assets Discovery (CE-2023-22523): L\u1ed7 h\u1ed5ng n\u00e0y \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn c\u00e1c phi\u00ean b\u1ea3n 12.11.0 \u0111\u1ebfn 12.21.1 c\u1ee7a Assets Discovery. Gi\u1ed1ng nh\u01b0
    nh\u1eefng ng\u01b0\u1eddi kh\u00e1c, v\u1ea5n \u0111\u1ec1 n\u00e0y c\u00f3 th\u1ec3 cho ph\u00e9p tin t\u1eb7c \u0111i\u1ec1u khi\u1ec3n h\u1ec7 th\u1ed1ng t\u1eeb xa v\u00e0 Atlassian \u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 \u0111\u1ec3 kh\u1eafc ph\u1ee5c. Ng\u01b0\u1eddi d\u00f9ng \u0111ang
    \u0111\u01b0\u1ee3c khuy\u1ebfn kh\u00edch n\u00e2ng c\u1ea5p l\u00ean phi\u00ean b\u1ea3n m\u1edbi nh\u1ea5t.<\/li>\n\n\n\n
  4. S\u1ef1 c\u1ed1 Th\u01b0 vi\u1ec7n SnakeYAML (CVE-2022-1471): \u0110\u00e2y l\u00e0 s\u1ef1 c\u1ed1 r\u1ed9ng h\u01a1n \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn nhi\u1ec1u s\u1ea3n ph\u1ea9m Atlassian, bao g\u1ed3m nhi\u1ec1u s\u1ea3n ph\u1ea9m
    c\u00e1c phi\u00ean b\u1ea3n c\u1ee7a Confluence, Bitbucket, JIRA v\u00e0 Bamboo. C\u00e1c b\u1ea3n v\u00e1 c\u00f3 s\u1eb5n cho t\u1ea5t c\u1ea3 c\u00e1c s\u1ea3n ph\u1ea9m b\u1ecb \u1ea3nh h\u01b0\u1edfng v\u00e0 ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng n\u00ean tr\u00ec ho\u00e3n
    trong vi\u1ec7c c\u1eadp nh\u1eadt h\u1ec7 th\u1ed1ng c\u1ee7a h\u1ecd.
    <\/li>\n<\/ol>\n\n\n

    B\u1ea1n c\u00f3 th\u1ec3 l\u00e0m g\u00ec? <\/h2>\n\n\n

    B\u00ean c\u1ea1nh vi\u1ec7c c\u00e0i \u0111\u1eb7t c\u00e1c b\u1ea3n c\u1eadp nh\u1eadt n\u00e0y, b\u1ea1n n\u00ean th\u01b0\u1eddng xuy\u00ean ki\u1ec3m tra b\u1ea3o m\u1eadt c\u1ee7a Atlassian
    th\u00f4ng b\u00e1o v\u1ec1 c\u00e1c b\u1ea3n c\u1eadp nh\u1eadt m\u1edbi. T\u0103ng c\u01b0\u1eddng ch\u00ednh s\u00e1ch m\u1eadt kh\u1ea9u v\u00e0 theo d\u00f5i ch\u1eb7t ch\u1ebd h\u1ec7 th\u1ed1ng
    c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u0169ng c\u00f3 th\u1ec3 gi\u00fap \u00edch. Lu\u00f4n sao l\u01b0u d\u1eef li\u1ec7u quan tr\u1ecdng, \u0111\u1ec1 ph\u00f2ng tr\u01b0\u1eddng h\u1ee3p c\u00f3 s\u1ef1 c\u1ed1 x\u1ea3y ra.
    T\u00f3m l\u1ea1i Atlassian r\u1ea5t nghi\u00eam t\u00fac trong vi\u1ec7c gi\u1eef an to\u00e0n cho s\u1ea3n ph\u1ea9m c\u1ee7a m\u00ecnh. B\u1eb1ng c\u00e1ch c\u1eadp nh\u1eadt th\u00f4ng tin v\u00e0 tu\u00e2n th\u1ee7 c\u00e1c \u0111i\u1ec1u sau
    m\u1eb9o an to\u00e0n, ng\u01b0\u1eddi d\u00f9ng v\u00e0 qu\u1ea3n tr\u1ecb vi\u00ean h\u1ec7 th\u1ed1ng c\u00f3 th\u1ec3 t\u1ef1 b\u1ea3o v\u1ec7 m\u00ecnh t\u1ed1t h\u01a1n kh\u1ecfi nh\u1eefng v\u1ea5n \u0111\u1ec1 b\u1ea3o m\u1eadt n\u00e0y.
    T\u00e0i nguy\u00ean h\u1eefu \u00edch<\/p>\n\n\n\n