On March 19, 2024, Atlassian published security advisories addressing vulnerabilities in the following products:

     Bamboo Data Center – multiple versions

     Bamboo Server – multiple versions

     Bitbucket Data Center – multiple versions

     Bitbucket Server – multiple versions

     Confluence Data Center – multiple versions

     Confluence Server – multiple versions

     Jira Service Management Data Center – multiple versions

     Jira Service Management Server – multiple versions

     Jira Software Data Center – multiple versions

     Jira Software Server – multiple versions

| Product | Vulnerable version | Update | Link/Description | CVE | CVSS |
| --- | --- | --- | --- | --- | --- |
| Bamboo Data Center and Server | 9.5.0 to 9.5.1, 9.4.0 to 9.4.3, 9.3.0 to 9.3.6, 9.2.0 to 9.2.11 (LTS), 9.1.0 to 9.1.3, 9.0.0 to 9.0.4, 8.2.0 to 8.2.9, any earlier versions | 9.6.0 (LTS) recommended, Data Center only, or 9.5.2, 9.4.4, 9.2.12 (LTS) | SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server | CVE-2024-1597 | 10.0 |
| | | | DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server | CVE-2024-21634 | 7.5 |
| Bitbucket Data Center and Server | 8.18.0, 8.17.0 to 8.17.1, 8.16.0 to 8.16.2, 8.15.0 to 8.15.3, 8.14.0 to 8.14.4, 8.13.0 to 8.13.5, 8.12.0 to 8.12.3, 8.11.0 to 8.11.1, 8.10.0 to 8.10.1, 8.9.0 to 8.9.9 (LTS), any earlier versions (except 7.21.22) | 8.19.0 (LTS) recommended, Data Center only; 8.18.1; 8.17.2; 8.16.3 to 8.16.4; 8.15.4 to 8.15.5; 8.14.5 to 8.14.6; 8.13.6; 8.9.10 to 8.9.11 (LTS); 7.21.22 to 7.21.23 | DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bitbucket Data Center and Server | CVE-2024-21634 | 7.5 |
| Confluence Data Center and Server | 8.8.0, 8.7.0 to 8.7.2, 8.6.0 to 8.6.2, 8.5.0 to 8.5.6 (LTS), 8.4.0 to 8.4.5, 8.3.0 to 8.3.4, 8.2.0 to 8.2.3, 8.1.0 to 8.1.4, 8.0.0 to 8.0.4, 7.20.0 to 7.20.3, 7.19.0 (LTS) to 7.19.19 (LTS), 7.18.0 to 7.18.3, 7.17.0 to 7.17.5, any earlier versions | 8.8.1 recommended, Data Center only; 8.5.7 (LTS); 7.19.20 (LTS) | Path Traversal in Confluence Data Center | CVE-2024-21677 | 8.3 |
| | | | DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server | CVE-2023-36478 | 7.5 |
| Jira Software Data Center and Server | 9.12.0 to 9.12.2 LTS, 9.11.0 to 9.11.3, 9.10.0 to 9.10.2, 9.9.0 to 9.9.2, 9.8.0 to 9.8.2, 9.7.0 to 9.7.2, 9.6.0, 9.5.0 to 9.5.1, 9.4.0 to 9.4.17 LTS, 9.3.0 to 9.3.3, 9.2.0 to 9.2.1, 9.1.0 to 9.1.1, 9.0.0, any earlier versions | Recommended: 9.14.1, or Data Center only 9.14.0; 9.13.0 to 9.13.1; 9.12.3 to 9.12.5 (LTS); 9.4.18 (LTS) | DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server | CVE-2022-40150 | 7.5 |
| | | | DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server | CVE-2023-34455 | 7.5 |
| | | | RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server | CVE-2022-42890 | 7.5 |
| | | | RCE (Remote Code Execution) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server | CVE-2022-41704 | 7.5 |
| | | | SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server | CVE-2022-40146 | 7.5 |
| | | | DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server | CVE-2023-1436 | 7.5 |
| | | | DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server | CVE-2022-45685 | 7.5 |
| | | | DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server | CVE-2022-29546 | 7.5 |
| | | | DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server | CVE-2022-40149 | 7.5 |
| | | | DoS (Denial of Service) org.apache.avro:avro Dependency in Jira Software Data Center and Server | CVE-2023-39410 | 7.5 |
| | | | DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server | CVE-2023-34454 | 7.5 |
| | | | DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server | CVE-2023-34453 | 7.5 |
| | | | DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server | CVE-2023-43642 | 7.5 |
| | | | DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server | CVE-2022-3509 | 7.5 |
| | | | DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server | CVE-2022-3171 | 7.5 |
| | | | DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server | CVE-2023-5072 | 7.5 |
| | | | DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server | CVE-2022-45688 | 7.5 |
| | | | RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server | CVE-2022-34169 | 7.5 |
| | | | DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server | CVE-2022-24839 | 7.5 |
| | | | DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server | CVE-2022-28366 | 7.5 |