Atlassian publishes patches for its products 08/24 (P24-273)

cert.pse-online.pl, 3 months ago

Atlassian has published security advisories addressing vulnerabilities in the following products:

| Product | Affected versions | Fixed versions | Vulnerability | CVE ID | CVSS / Severity |
|---|---|---|---|---|---|
| Bamboo Data Center and Server | 9.6.0 to 9.6.4 (LTS); 9.5.0 to 9.5.3; 9.4.0 to 9.4.4; 9.3.0 to 9.3.6; 9.2.1 to 9.2.16 (LTS); 9.1.0 to 9.1.3; 9.0.0 to 9.0.4 | 9.6.5 (LTS) recommended Data Center Only; 9.2.17 (LTS) | RCE (Remote Code Execution) in Bamboo Data Center and Server | CVE-2024-21689 | 7.6 High |
| Bamboo Data Center and Server | (as above) | (as above) | DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server | CVE-2024-29857 | 7.5 High |
| Confluence Data Center and Server | 8.9.0 to 8.9.4; 8.8.0 to 8.8.1; 8.7.1 to 8.7.2; 8.6.0 to 8.6.2; 8.5.0 to 8.5.12 (LTS); 8.4.0 to 8.4.5; 8.3.0 to 8.3.4; 8.2.0 to 8.2.3; 8.1.0 to 8.1.4; 8.0.0 to 8.0.4; 7.20.0 to 7.20.3; 7.19.0 to 7.19.25 | 9.0.1 to 9.0.2 Data Center Only; 8.9.5; 8.5.14 (LTS) recommended; 7.19.26 (LTS) | DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server | CVE-2024-34750 | 7.5 High |
| Confluence Data Center and Server | (as above) | (as above) | Reflected XSS and CSRF (Cross-Site Request Forgery) in Confluence Data Center and Server | CVE-2024-21690 | 7.1 High |
| Crowd Data Center and Server | 5.3.0 to 5.3.2; 5.2.0 to 5.2.4; 5.1.0 to 5.1.9 | 6.0.0 to 6.0.1 Data Center Only; 5.3.3 recommended; 5.2.6 to 5.2.7; 5.1.11 | SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server | CVE-2024-22259 | 8.1 High |
| Crowd Data Center and Server | (as above) | (as above) | SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server | CVE-2024-22243 | 8.1 High |
| Crowd Data Center and Server | (as above) | (as above) | SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server | CVE-2024-22262 | 8.1 High |
| Jira Data Center and Server | 9.17.0; 9.16.0 to 9.16.1; 9.12.0 to 9.12.11 (LTS); 9.4.0 to 9.4.24 (LTS) | 9.17.1 to 9.17.2 Data Center Only; 9.12.12 (LTS) recommended; 9.4.25 (LTS) | DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server | CVE-2024-34750 | 7.5 High |
| Jira Service Management Data Center and Server | 5.17.0; 5.16.0 to 5.16.1; 5.12.0 to 5.12.11 (LTS); 5.4.0 to 5.4.24 (LTS) | 5.17.1 to 5.17.2 Data Center Only; 5.12.12 (LTS) recommended; 5.4.25 (LTS) | DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server | CVE-2024-34750 | 7.5 High |