Atlassian has published security advisories for vulnerabilities in the following products:
| Product and release information | Affected versions | Fixed version | Vulnerability summary | CVE number | CVSS severity |
|---|---|---|---|---|---|
| Bamboo Data Center and Server | 9.6.0 to 9.6.3 (LTS); 9.5.0 to 9.5.4; 9.4.0 to 9.4.4; 9.3.0 to 9.3.6; 9.2.1 to 9.2.15 (LTS); 9.1.0 to 9.1.3; 9.0.0 to 9.0.4 | 9.6.4 (LTS) recommended Data Center Only; 9.2.16 (LTS) | File Inclusion in Bamboo Data Center and Server | CVE-2024-21687 | 8.1 High |
| | | | SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server | CVE-2024-22262 | 8.1 High |
| Confluence Data Center and Server | 8.9.0 to 8.9.3; 8.8.0 to 8.8.1; 8.7.1 to 8.7.2; 8.6.0 to 8.6.2; 8.5.0 to 8.5.11 (LTS); 8.4.0 to 8.4.5; 8.3.0 to 8.3.4; 8.2.0 to 8.2.3; 8.1.0 to 8.1.4; 8.0.0 to 8.0.4; 7.20.0 to 7.20.3; 7.19.0 to 7.19.24 (LTS) | 8.9.4 Data Center Only; 8.5.12 (LTS) recommended; 7.19.25 (LTS) | DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server | CVE-2021-36090 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server | CVE-2021-35517 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server | CVE-2021-35516 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server | CVE-2021-35515 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server | CVE-2019-12402 | 7.5 High |
| | | | Third-Party Dependency in Confluence Data Center and Server | CVE-2024-21688 | 7.4 High |
| | | | Stored XSS in Confluence Data Center and Server | CVE-2024-21686 | 7.3 High |
| Jira Data Center and Server | 9.7.0 to 9.7.2; 9.6.0; 9.5.0 to 9.5.1; 9.4.0 to 9.4.17 (LTS); 9.3.0 to 9.3.3; 9.2.0 to 9.2.1; 9.1.0 to 9.1.1 | 9.8.0 or earlier; 9.12.0 to 9.12.11 (LTS) recommended; 9.4.18 to 9.4.24 (LTS) | DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Jira Software Data Center and Server | CVE-2022-41966 | 7.5 High |
| Jira Service Management Data Center and Server | 5.7.0 to 5.7.2; 5.6.0; 5.5.0 to 5.5.1; 5.4.0 to 5.4.17 (LTS); 5.3.0 to 5.3.3; 5.2.0 to 5.2.1; 5.1.0 to 5.1.1 | 5.8.0 or earlier; 5.12.0 to 5.12.11 (LTS) recommended; 5.4.18 to 5.4.24 (LTS) | DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Jira Service Management Data Center and Server | CVE-2022-41966 | 7.5 High |