Atlassian publishes fixes for its products 03/24 (P24-093)

cert.pse-online.pl, 9 months ago

On 19 March 2024, Atlassian published security advisories addressing vulnerabilities in the following products:

Bamboo Data Center – multiple versions

Bamboo Server – multiple versions

Bitbucket Data Center – multiple versions

Bitbucket Server – multiple versions

Confluence Data Center – multiple versions

Confluence Server – multiple versions

Jira Service Management Data Center – multiple versions

Jira Service Management Server – multiple versions

Jira Software Data Center – multiple versions

Jira Software Server – multiple versions

| Product | Vulnerable version | Update | Link/Description | CVE | CVSS |
|---|---|---|---|---|---|
| Bamboo Data Center and Server | 9.5.0 to 9.5.1; 9.4.0 to 9.4.3; 9.3.0 to 9.3.6; 9.2.0 to 9.2.11 (LTS); 9.1.0 to 9.1.3; 9.0.0 to 9.0.4; 8.2.0 to 8.2.9; any earlier versions | Recommended, Data Center only: 9.6.0 (LTS) or 9.5.2; 9.4.4; 9.2.12 (LTS) | SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server | CVE-2024-1597 | 10.0 |
| | | | DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server | CVE-2024-21634 | 7.5 |
| Bitbucket Data Center and Server | 8.18.0; 8.17.0 to 8.17.1; 8.16.0 to 8.16.2; 8.15.0 to 8.15.3; 8.14.0 to 8.14.4; 8.13.0 to 8.13.5; 8.12.0 to 8.12.3; 8.11.0 to 8.11.1; 8.10.0 to 8.10.1; 8.9.0 to 8.9.9 (LTS); any earlier versions (except 7.21.22) | 8.19.0 (LTS) recommended, Data Center only; 8.18.1; 8.17.2; 8.16.3 to 8.16.4; 8.15.4 to 8.15.5; 8.14.5 to 8.14.6; 8.13.6; 8.9.10 to 8.9.11 (LTS); 7.21.22 to 7.21.23 | DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bitbucket Data Center and Server | CVE-2024-21634 | 7.5 |
| Confluence Data Center and Server | 8.8.0; 8.7.0 to 8.7.2; 8.6.0 to 8.6.2; 8.5.0 to 8.5.6 (LTS); 8.4.0 to 8.4.5; 8.3.0 to 8.3.4; 8.2.0 to 8.2.3; 8.1.0 to 8.1.4; 8.0.0 to 8.0.4; 7.20.0 to 7.20.3; 7.19.0 (LTS) to 7.19.19 (LTS); 7.18.0 to 7.18.3; 7.17.0 to 7.17.5; any earlier versions | Recommended version 8.8.1 (Data Center only); 8.5.7 (LTS); 7.19.20 (LTS) | Path Traversal in Confluence Data Center | CVE-2024-21677 | 8.3 |
| | | | DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server | CVE-2023-36478 | 7.5 |
| Jira Software Data Center and Server | 9.12.0 to 9.12.2 LTS; 9.11.0 to 9.11.3; 9.10.0 to 9.10.2; 9.9.0 to 9.9.2; 9.8.0 to 9.8.2; 9.7.0 to 9.7.2; 9.6.0; 9.5.0 to 9.5.1; 9.4.0 to 9.4.17 LTS; 9.3.0 to 9.3.3; 9.2.0 to 9.2.1; 9.1.0 to 9.1.1; 9.0.0; any earlier versions | Recommended version 9.14.1 or (Data Center only) 9.14.0; 9.13.0 to 9.13.1; 9.12.3 to 9.12.5 (LTS); 9.4.18 (LTS) | DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server | CVE-2022-40150 | 7.5 |
| | | | DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server | CVE-2023-34455 | 7.5 |
| | | | RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server | CVE-2022-42890 | 7.5 |
| | | | RCE (Remote Code Execution) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server | CVE-2022-41704 | 7.5 |
| | | | SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server | CVE-2022-40146 | 7.5 |
| | | | DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server | CVE-2023-1436 | 7.5 |
| | | | DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server | CVE-2022-45685 | 7.5 |
| | | | DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server | CVE-2022-29546 | 7.5 |
| | | | DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server | CVE-2022-40149 | 7.5 |
| | | | DoS (Denial of Service) org.apache.avro:avro Dependency in Jira Software Data Center and Server | CVE-2023-39410 | 7.5 |
| | | | DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server | CVE-2023-34454 | 7.5 |
| | | | DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server | CVE-2023-34453 | 7.5 |
| | | | DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server | CVE-2023-43642 | 7.5 |
| | | | DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server | CVE-2022-3509 | 7.5 |
| | | | DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server | CVE-2022-3171 | 7.5 |
| | | | DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server | CVE-2023-5072 | 7.5 |
| | | | DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server | CVE-2022-45688 | 7.5 |
| | | | RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server | CVE-2022-34169 | 7.5 |
| | | | DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server | CVE-2022-24839 | 7.5 |
| | | | DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server | CVE-2022-28366 | 7.5 |