Atlassian publishes patches for its products 12/24 (P24-413)

cert.pse-online.pl, 1 week ago

On 10 December 2024, Atlassian published a security advisory addressing vulnerabilities in the following products:

• Bamboo Data Center and Server – multiple versions

• Bitbucket Data Center and Server – multiple versions

• Confluence Data Center and Server – multiple versions

Released Security Vulnerabilities
| Product | Affected versions | Fixed versions | Description/Link | CVE ID | CVSS |
|---|---|---|---|---|---|
| Bamboo Data Center and Server | 9.6.0 to 9.6.2 (LTS); 9.5.0 to 9.5.4; 9.4.0 to 9.4.4; 9.3.0 to 9.3.6; 9.2.1 to 9.2.14 (LTS); 9.1.0 to 9.1.3; 9.0.2 to 9.0.4 | 9.6.3 to 9.6.8 (LTS), recommended, Data Center only; 9.2.15 to 9.2.21 (LTS) | org.apache.commons:commons-compress Dependency in Bamboo Data Center and Server | CVE-2024-25710 | 8.1 High |
| | | | com.amazonaws:aws-java-sdk-s3 Dependency in Bamboo Data Center and Server | CVE-2022-31159 | 7.9 High |
| | | | DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server | CVE-2024-30172 | 7.5 High |
| | | | DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center and Server | CVE-2024-24549 | 7.5 High |
| | | | DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Bamboo Data Center and Server | CVE-2023-52428 | 7.5 High |
| Bitbucket Data Center and Server | 9.3.0 to 9.3.1; 8.19.0 to 8.19.11 (LTS); 8.18.0 to 8.18.1; 8.17.0 to 8.17.2; 8.16.0 to 8.16.4; 8.15.0 to 8.15.5; 8.14.0 to 8.14.6; 8.13.0 to 8.13.6; 8.12.0 to 8.12.6; 8.11.0 to 8.11.6; 8.10.0 to 8.10.6; 8.9.0 to 8.9.21 (LTS); 8.8.0 to 8.8.7; 8.7.0 to 8.7.5; 8.6.2 to 8.6.4; 8.5.2 to 8.5.4; 8.4.3 to 8.4.4; 8.3.4; 7.21.8 to 7.21.23 (LTS) | 9.4.0 (LTS), recommended, Data Center only; 9.3.2, Data Center only; 8.19.12 (LTS), Data Center only; 8.9.22 (LTS) | com.hazelcast:hazelcast Dependency in Bitbucket Data Center and Server | CVE-2023-45859 | 7.6 High |
| | | | DoS (Denial of Service) in Bitbucket Data Center | CVE-2024-4067 | 7.5 High |
| | | | org.springframework:spring-webmvc Dependency in Bitbucket Data Center and Server | CVE-2024-38816 | 7.5 High |
| Confluence Data Center and Server | 9.0.1 to 9.0.3; 8.9.0 to 8.9.7; 8.8.0 to 8.8.1; 8.7.1 to 8.7.2; 8.6.0 to 8.6.2; 8.5.0 to 8.5.16 (LTS); 8.4.0 to 8.4.5; 8.3.0 to 8.3.4; 8.2.0 to 8.2.3; 8.1.0 to 8.1.4; 8.0.1 to 8.0.4; 7.20.3; 7.19.5 to 7.19.28 (LTS) | 9.2.0 (LTS); 9.1.0 to 9.1.1, Data Center; 8.9.8, Data Center; 8.5.17 to 8.5.18 (LTS), recommended; 7.19.29 to 7.19.30 (LTS) | org.apache.commons:commons-compress Dependency in Confluence Data Center and Server | CVE-2024-25710 | 8.1 High |
| | | | com.hazelcast:hazelcast Dependency in Confluence Data Center and Server | CVE-2023-45859 | 7.6 High |
| | | | DoS (Denial of Service) minimatch Dependency in Confluence Data Center | CVE-2022-3517 | 7.5 High |
| | | | Prototype Pollution json5 Dependency in Confluence Data Center | CVE-2022-46175 | 7.1 High |