Atlassian publikuje poprawki do swoich produktów 09/24 (P24-304)

utworzone przez | wrz 20, 2024 | Aktualizacje, Podatności

17 września 2024 r. firma Atlassian opublikowała biuletyn bezpieczeństwa, aby rozwiązać problemy z lukami w następujących produktach:

  • Bamboo Data Center i Server – wiele wersji
  • Bitbucket Data Center i Server – wiele wersji
  • Confluence Data Center i Server – wiele wersji
  • Crowd Data Center i Server – wiele wersji
Biuletyn Bezpieczeństwa
LinkWersjaPatchOpisCVE IDCVSS
Bamboo Data Center and Server9.6.0 do 9.6.3 (LTS) 9.5.0 do 9.5.4 9.2.1 do 9.2.16 (LTS)10.0.0 do 10.0.1 Data Center Tylko 9.6.4 do 9.6.6 (LTS) zalecane Data Center Tylko 9.2.17 do 9.2.18 (LTS)DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center and ServerCVE-2024-347507.5
Bitbucket Data Center and Server8.19.0 do 8.19.8 (LTS) 8.18.0 do 8.18.1 8.9.0 do 8.9.18 (LTS)9.0.0 do 9.0.1 Data Center Tylko 8.19.9 (LTS) zalecane Data Center tylko 8.9.19 (LTS)DoS (Denial of Service) org.apache.cxf:cxf-rt-rs-security-jose Dependency in Bitbucket Data Center and ServerCVE-2024-320077.5
DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and ServerCVE-2024-347507.5
Confluence Data Center and Server8.9.0 do 8.9.3 8.8.0 do 8.8.1 8.7.1 do 8.7.2 8.6.0 do 8.6.2 8.5.0 do 8.5.11 (LTS) 8.4.0 do 8.4.5 8.3.0 do 8.3.4 8.2.0 do 8.2.3 8.1.0 do 8.1.4 8.0.0 do 8.0.4 7.20.0 do 7.20.3 7.19.2 do 7.19.25 (LTS)9.0.1 do 9.0.3 Data Center tylko 8.9.4 do 8.9.6 Data Center Tylko 8.5.12 do 8.5.15 (LTS) zalecane 7.19.26 (LTS)DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and ServerCVE-2024-298577.5
DoS (Denial of Service) org.clojure:clojure Dependency in Confluence Data Center and ServerCVE-2024-228717.5
Crowd Data Center and Server5.3.0 do 5.3.1 5.2.0 do 5.2.4 5.1.0 do 5.1.125.3.2 do 5.3.4 zalecaneData Center Tylko 5.2.6 do 5.2.8DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Crowd Data Center and ServerCVE-2024-298577.5