Security Bulletin - říjen 2024

Released Security Vulnerabilities

Product & Release Notes

Affected Versions

Fixed Version

Vulnerability Summary

CVE ID

CVSS Severity

Bitbucket Data Center and Server

9.2.0
8.19.0 to 8.19.9 (LTS)
8.9.0 to 8.9.19 (LTS)

9.2.1 pouze pro Data Center
8.19.10 (LTS) doporučená verze, pouze pro Data Center
8.9.20 (LTS)

Bundled JRE Dependency in Bitbucket Data Center and Server

CVE-2024-21147

7.4 High

Confluence Data Center and Server

8.9.0 to 8.9.2
8.8.0 to 8.8.1
8.7.1 to 8.7.2
8.6.0 to 8.6.2
8.5.0 to 8.5.10 (LTS)
8.4.0 to 8.4.5
8.3.0 to 8.3.4
8.2.0 to 8.2.3
8.1.0 to 8.1.4
8.0.0 to 8.0.4
7.20.1 to 7.20.3
7.19.3 to 7.19.25 (LTS)

8.9.3 - 8.9.7 pouze pro Data Center
8.5.11 - 8.5.16 (LTS) doporučená verze
7.19.26 - 7.19.28 (LTS)

Stored XSS in Confluence Data Center and Server

CVE-2024-4367

8.1 High

ReDoS (Regular Expression Denial of Service) moment Dependency in Confluence Data Center and Server

CVE-2022-31129

7.5 High

Directory Traversal moment Dependency in Confluence Data Center and Server

CVE-2022-24785

7.5 High

DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server

CVE-2024-29131

7.3 High

Jira Service Management Data Center and Server

10.0.0 to 10.0.1
5.17.0 to 5.17.3
5.16.0 to 5.16.1
5.15.2
5.14.0 to 5.14.1
5.13.0 to 5.13.1
5.12.0 to 5.12.13 (LTS)

10.1.1 pouze pro Data Center
5.17.4 pouze pro Data Center
5.12.14 (LTS) doporučená verze

Stack-based Buffer Overflow com.google.protobuf:protobuf-java Dependency in Jira Service Management Data Center and Server

CVE-2024-7254

7.5 High