The vulnerabilities reported in this Security Bulletin include 6 high-severity vulnerabilities which have been fixed in new versions of our products, released in the last month. These vulnerabilities are discovered via our Bug Bounty program, pen-testing processes, and third-party library scans.
To fix all the vulnerabilities impacting your product(s), Atlassian recommends patching your instances to the latest version or one of the Fixed Versions for each product below. The listed Fixed Versions for each product are current as of October 15, 2024 (date of publication); visit the linked product Release Notes
URL:
https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
Vulnerabilities
- Bundled JRE Dependency in Bitbucket Data Center and Server
- Stored XSS in Confluence Data Center and Server
- ReDoS (Regular Expression Denial of Service) moment Dependency in Confluence Data Center and Server
- Directory Traversal moment Dependency in Confluence Data Center and Server
- DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server
- Stack-based Buffer Overflow com.google.protobuf:protobuf-java Dependency in Jira Service Management Data Center and Server