Atlassian publikuje poprawki do swoich produktów 04/25 (P25-119)

cert.pse-online.pl 1 tydzień temu

15 kwietnia 2025 r. firma Atlassian opublikowała ostrzeżenie dotyczące bezpieczeństwa w celu rozwiązania luk w następujących produktach:

• Bamboo Data Center and Server – wiele wersji

• Confluence Data Center and Server – wiele wersji

• Jira Data Center and Server – wiele wersji

• Jira Service Management Data Center and Server – wiele wersji

Opublikowane podatności
Link/Informacja	Wersja podatna	Patch	Opis podatności	CVE ID	CVSS krytyczność
Bamboo Data Center and Server	10.2.0 do 10.2.2 (LTS) 10.1.0 do 10.1.1 10.0.0 do 10.0.3 9.6.0 do 9.6.10 (LTS)	10.2.3 (LTS) rekomendacja Data Center Only 9.6.11 do 9.6.12 (LTS) Data Center Only	DoS (Denial of Service) net.minidev:json-smart Dependency in Bamboo Data Center and Server	CVE-2024-57699	7.5 Wysoka
Confluence Data Center and Server	9.3.1 do 9.3.2 9.2.0 do 9.2.2 (LTS) 9.1.0 do 9.1.1 9.0.1 do 9.0.3 8.9.0 do 8.9.8 8.8.0 do 8.8.1 8.7.1 do 8.7.2 8.6.0 do 8.6.2 8.5.0 do 8.5.20 (LTS) 8.4.0 do 8.4.5 8.3.0 do 8.3.4 8.2.2 do 8.2.3 7.19.15 do 7.19.30 (LTS)	9.4.0 Data Center Only 9.2.3 (LTS) rekomendacja Data Center Only 8.5.21 (LTS)	DoS (Denial of Service) io.netty:netty-handler Dependency in Confluence Data Center and Server	CVE-2025-24970	7.5 Wysoka
Confluence Data Center and Server			XXE (XML External Entity Injection) org.codehaus.jackson:jackson-mapper-asl Dependency in Confluence Data Center and Server	CVE-2019-10172	7.5 Wysoka
Jira Data Center and Server	10.5.0 10.4.0 do 10.4.1 10.3.0 do 10.3.4 (LTS) 10.2.0 do 10.2.1 10.1.1 do 10.1.2 10.0.0 do 10.0.1 9.17.0 do 9.17.5 9.16.0 do 9.16.1 9.15.2 9.14.0 do 9.14.1 9.13.0 do 9.13.1 9.12.0 do 9.12.19 (LTS)	10.5.1 Data Center Only 10.3.5 (LTS) rekomendacja Data Center Only 9.12.22 (LTS)	XXE (XML External Entity Injection) in Jira Core Data Center and Server and Jira Software Server	CVE-2021-33813	7.7 Wysoka
Jira Data Center and Server			DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center and Server	CVE-2024-57699	7.5 Wysoka
Jira Service Management Data Center and Server	10.5.0 10.4.0 do 10.4.1 10.3.0 do 10.3.4 (LTS) 10.2.0 do 10.2.1 10.1.1 do 10.1.2 10.0.0 do 10.0.1 5.17.0 do 5.17.5 5.16.0 do 5.16.1 5.15.2 5.14.0 do 5.14.1 5.13.0 do 5.13.1 5.12.0 do 5.12.19 (LTS)	10.5.1 Data Center Only 10.3.5 (LTS) rekomendacja Data Center Only 5.12.22 (LTS)	XXE (XML External Entity Injection) in Jira Service Management Data Center and Server	CVE-2021-33813	7.7 Wysoka
Jira Service Management Data Center and Server			DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Service Management Data Center and Server	CVE-2024-57699	7.5 Wysoka