Atlassian publikuje poprawki do swoich produktów 03/25 (P25-085)

cert.pse-online.pl 3 dni temu

18 marca 2025 r. firma Atlassian opublikowała ostrzeżenie dotyczące bezpieczeństwa w celu rozwiązania luk w następujących produktach:

Bamboo Data Center i Server – wiele wersji
Bitbucket Data Center i Server – wiele wersji
Crowd Data Center i Server – wiele wersji
Jira Data Center i Server – wiele wersji
Jira Service Management Data Center i Server – wiele wersji


Produkt	Wersja podatna	Patch	Link	CVE ID	CVSS
Bamboo Data Center and Server	10.2.0 do 10.2.1 (LTS) 10.1.0 do 10.1.1 10.0.0 do 10.0.3 9.6.0 do 9.6.10 (LTS) 9.5.0 do 9.5.4	10.2.2 (LTS) rekomendacja do Data Center tylko 9.6.11 (LTS) Data Center tylko	DoS (Denial of Service) io.netty:netty-handler Dependency in Bamboo Data Center and Server	CVE-2025-24970	7.5
Bitbucket Data Center and Server	9.5.0 9.4.0 do 9.4.2 (LTS) 8.19.0 do 8.19.14 (LTS) 8.18.0 do 8.18.1 8.17.0 do 8.17.2 8.16.0 do 8.16.4 8.15.0 do 8.15.5 8.14.0 do 8.14.6 8.13.0 do 8.13.6 8.12.0 do 8.12.6 8.11.0 do 8.11.6 8.10.0 do 8.10.6 8.9.0 do 8.9.24 (LTS) 8.8.3 do 8.8.7 8.7.3 do 8.7.5 8.6.4 8.5.4	9.5.1 do 9.5.2 Data Center Only 9.4.3 to 9.4.4 (LTS) rekomendacja do Data Center 8.19.15 do 8.19.16 (LTS) Data Center 8.9.25 do 8.9.26 (LTS)	Third-Party Dependency in Bitbucket Data Center	CVE-2024-4367	8.8
			Third-Party Dependency in Bitbucket Data Center	CVE-2024-45296	7.5
			DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bitbucket Data Center and Server	CVE-2024-29857	7.5
			SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bitbucket Data Center and Server	CVE-2022-31197	7.1
			org.postgresql:postgresql Dependency in Bitbucket Data Center and Server	CVE-2022-21724	7
Crowd Data Center and Server	6.2.0 do 6.2.2	6.2.3 rekomendacja do Data Center	DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Crowd Data Center and Server	CVE-2023-52428	7.5
			DoS (Denial of Service) io.netty:netty-handler Dependency in Crowd Data Center and Server	CVE-2025-24970	7.5
			DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Crowd Data Center and Server	CVE-2023-44487	7.5
Jira Data Center and Server	10.4.0 do 10.4.1 10.3.0 do 10.3.3 (LTS) 10.2.0 do 10.2.1 10.1.1 do 10.1.2 10.0.0 do 10.0.1 9.17.0 do 9.17.5 9.16.0 do 9.16.1 9.15.2 9.14.0 do 9.14.1 9.13.0 do 9.13.1 9.12.0 do 9.12.18 (LTS) 9.11.0 do 9.11.3 9.10.0 do 9.10.2 9.9.0 do 9.9.2 9.8.0 do 9.8.2 9.7.0 do 9.7.2	10.5.0 Data Center 10.3.4 (LTS) rekomendacja Data Center 9.12.19 (LTS)	Path Traversal (Arbitrary Read/Write) org.springframework:spring-webmvc Dependency in Jira Software Data Center and Server	CVE-2024-38819	7.5
Jira Data Center and Server			DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Jira Software Data Center and Server	CVE-2024-47072	7.5
Jira Service Management Data Center and Server	10.4.0 do 10.4.1 10.3.0 do 10.3.3 (LTS) 10.2.0 do 10.2.1 10.1.1 do 10.1.2 10.0.0 do 10.0.1 5.17.0 do 5.17.5 5.16.0 do 5.16.1 5.14.0 do 5.14.1 5.13.0 do 5.13.1 5.12.0 do 5.12.18 (LTS) 5.11.0 do 5.11.3 5.10.0 do 5.10.2 5.9.0 do 5.9.2 5.8.0 do 5.8.2 5.7.0 do 5.7.2	10.5.0 Data Center 10.3.4 (LTS) rekomendacja Data Center 5.12.19 (LTS)	Path Traversal (Arbitrary Read/Write) org.springframework:spring-webmvc Dependency in Jira Service Management Data Center and Server	CVE-2024-38819	7.5
Jira Service Management Data Center and Server			DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Jira Service Management Data Center and Server	CVE-2024-47072	7.5