On November 19, 2024, Atlassian published security advisories addressing vulnerabilities in the following products:

• Bamboo Data Center and Server – multiple versions

• Bitbucket Data Center and Server – multiple versions

• Confluence Data Center and Server – multiple versions

• Crowd Data Center and Server – multiple versions

• Jira Data Center and Server – multiple versions

• Jira Service Management Data Center and Server – multiple versions

• Sourcetree for Mac – multiple versions

• Sourcetree for Windows – multiple versions

 
| Product/Link | Vulnerable version | Patch | Description | CVE ID | CVSS |
|---|---|---|---|---|---|
| Bamboo Data Center and Server | 10.0.0 to 10.0.2; 9.6.0 to 9.6.7 (LTS); 9.2.1 to 9.2.19 (LTS) | 10.0.3 Data Center; 9.6.8 (LTS) recommended Data Center; 9.2.20 (LTS) | RCE (Remote Code Execution) org.apache.avro:avro Dependency in Bamboo Data Center and Server | CVE-2024-47561 | 7.3 High |
| Bitbucket Data Center and Server | 8.19.0 to 8.19.2 (LTS); 8.18.0 to 8.18.1; 8.17.0 to 8.17.2; 8.16.0 to 8.16.4; 8.15.0 to 8.15.5; 8.14.0 to 8.14.6; 8.13.0 to 8.13.6; 8.12.0 to 8.12.6; 8.11.0 to 8.11.6; 8.10.0 to 8.10.6; 8.9.0 to 8.9.13 (LTS); 8.8.0 to 8.8.7; 8.7.0 to 8.7.5; 8.6.2 to 8.6.4; 8.5.2 to 8.5.4; 8.4.3 to 8.4.4; 8.3.4 | 9.0.0 to 9.0.1 Data Center; 8.19.3 to 8.19.11 (LTS) recommended Data Center; 8.9.14 to 8.9.21 (LTS) | DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bitbucket Data Center and Server | CVE-2024-30172 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server | CVE-2024-24549 | 7.5 High |
| Confluence Data Center and Server | 9.1.0; 9.0.1 to 9.0.3; 8.9.0 to 8.9.7; 8.8.0 to 8.8.1; 8.7.1 to 8.7.2; 8.6.0 to 8.6.2; 8.5.0 to 8.5.16 (LTS); 8.4.0 to 8.4.5; 8.3.0 to 8.3.4; 8.2.0 to 8.2.3; 8.1.0 to 8.1.4; 8.0.0 to 8.0.4; 7.20.3; 7.19.4 to 7.19.28 (LTS) | 9.1.1 Data Center; 8.9.8 Data Center; 8.5.17 (LTS) recommended; 7.19.29 (LTS) | DoS (Denial of Service) braces Dependency in Confluence Data Center | CVE-2024-4068 | 7.5 High |
| | | | DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Confluence Data Center and Server | CVE-2023-52428 | 7.5 High |
| | | | DoS (Denial of Service) decode-uri-component Dependency in Confluence Data Center | CVE-2022-38900 | 7.5 High |
| | | | BASM (Broken Authentication & Session Management) browserify-sign Dependency in Confluence Data Center | CVE-2023-46234 | 7.5 High |
| | | | Path Traversal org.springframework:spring-webmvc Dependency in Confluence Data Center and Server | CVE-2024-38816 | 7.5 High |
| | | | DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and Server | CVE-2024-30172 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server | CVE-2024-24549 | 7.5 High |
| Crowd Data Center and Server | 6.0.0 to 6.0.2; 5.3.0 to 5.3.5; 5.2.0 to 5.2.10; 5.1.1 to 5.1.13 | 6.1.1 to 6.1.2 recommended Data Center; 6.0.3 to 6.0.4 Data Center; 5.3.6 Data Center | DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server | CVE-2024-38286 | 8.6 High |
| | | | DoS (Denial of Service) tomcat Dependency in Crowd Data Center | CVE-2024-34750 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server | CVE-2024-34750 | 7.5 High |
| | | | DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Crowd Data Center and Server | CVE-2024-30172 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server | CVE-2024-24549 | 7.5 High |
| Jira Data Center and Server | 10.0.0 to 10.0.1; 9.17.0 to 9.17.3; 9.12.0 to 9.12.14 (LTS); 9.4.1 to 9.4.27 (LTS) | 10.1.1 to 10.1.2 Data Center; 9.17.4 to 9.17.5 Data Center; 9.12.15 (LTS) recommended; 9.4.28 (LTS) | XSS (Cross Site Scripting) DOMPurify Dependency in Jira Core Data Center and Server | CVE-2024-45801 | 8.3 High |
| Jira Service Management Data Center and Server | 10.0.0 to 10.0.1; 5.17.0 to 5.17.5; 5.16.0 to 5.16.1; 5.15.2; 5.14.0 to 5.14.1; 5.13.0 to 5.13.1; 5.12.0 to 5.12.14 (LTS); 5.11.0 to 5.11.3; 5.10.0 to 5.10.2; 5.9.0 to 5.9.2; 5.8.0 to 5.8.2; 5.7.0 to 5.7.2; 5.6.0; 5.5.0 to 5.5.1; 5.4.1 to 5.4.27 (LTS); 5.3.2 to 5.3.3; 5.2.1 | 10.1.1 to 10.1.2 Data Center Only; 5.12.15 (LTS) recommended; 5.4.28 (LTS) | XSS (Cross Site Scripting) DOMPurify Dependency in Jira Service Management Data Center and Server | CVE-2024-45801 | 8.3 High |
| | | | DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Jira Service Management Data Center and Server | CVE-2023-52428 | 7.5 High |
| Sourcetree for Mac | 4.2.8 | All versions from 4.2.9 | RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows | CVE-2024-21697 | 8.8 High |
| Sourcetree for Windows | 3.4.19 | All versions from 3.4.20 | RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows | CVE-2024-21697 | 8.8 High |