Atlassian publikuje poprawki do swoich produktów 10/24 (P24-349)

cert.pse-online.pl 1 rok temu

15 października 2024 r. firma Atlassian opublikowała biuletyn bezpieczeństwa, aby rozwiązać problemy z lukami w następujących produktach:

• Bitbucket Data Center i Server – wiele wersji

• Confluence Data Center i Server – wiele wersji

• Jira Service Management Data Center i Server – wiele wersji

Produkt/Link	Wersja podatna	Patch	Link	CVE ID	CVSS
Bitbucket Data Center and Server	9.2.0 8.19.0 do 8.19.9 (LTS) 8.9.0 do 8.9.19 (LTS)	9.2.1 Tylko Data Center	Bundled JRE Dependency in Bitbucket Data Center and Server	CVE-2024-21147	7.4 High
Confluence Data Center and Server	8.9.0 do 8.9.2 8.8.0 do 8.8.1 8.7.1 do 8.7.2 8.6.0 do 8.6.2 8.5.0 do 8.5.10 (LTS) 8.4.0 do 8.4.5 8.3.0 do 8.3.4 8.2.0 do 8.2.3 8.1.0 do 8.1.4 8.0.0 do 8.0.4 7.20.1 do 7.20.3 7.19.3 do 7.19.25 (LTS)	8.19.10 (LTS) zalecane Tylko Data Center 8.9.20 (LTS) Wszystkie wersje nowsze niż 9.0.0 Tylko Data Center 8.9.3 do 8.9.7 Tylko Data Center	Stored XSS in Confluence Data Center and Server	CVE-2024-4367	8.1 High
			ReDoS (Regular Expression Denial of Service) moment Dependency in Confluence Data Center and Server	CVE-2022-31129	7.5 High
			Directory Traversal moment Dependency in Confluence Data Center and Server	CVE-2022-24785	7.5 High
			DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server	CVE-2024-29131	7.3 High
Jira Service Management Data Center and Server	10.0.0 do 10.0.1 5.17.0 do 5.17.3 5.16.0 do 5.16.1 5.15.2 5.14.0 do 5.14.1 5.13.0 do 5.13.1 5.12.0 do 5.12.13 (LTS)	8.5.11 do 8.5.16 (LTS) zalecane	Stack-based Buffer Overflow com.google.protobuf:protobuf-java Dependency in Jira Service Management Data Center and Server	CVE-2024-7254	7.5 High