Atlassian Family July 2024 Security Update Advisory

Overview

Atlassian (https://www.atlassian.com/) has released security updates that address vulnerabilities in several of its products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2022-41966

Jira Service Management Data Center 4.20.0 version

Jira Service Management Data Center 5.0.0 version

Jira Service Management Data Center 5.1.0 (inclusive) ~ 5.1.1 (inclusive)

Jira Service Management Data Center 5.2.0 (inclusive) ~ 5.2.1 (inclusive)

Jira Service Management Data Center 5.3.0 (inclusive) ~ 5.3.3 (inclusive)

Jira Service Management Data Center 5.4.0 (inclusive) ~ 5.4.17 (inclusive)

Jira Service Management Data Center 5.5.0 (inclusive) ~ 5.5.1 (inclusive)

Jira Service Management Data Center 5.6.0 version

Jira Service Management Data Center 5.7.0 (inclusive) ~ 5.7.1 (inclusive)

Jira Service Management Server 4.20.0 version

Jira Service Management Server 5.0.0 version

Jira Service Management Server 5.1.0 (inclusive) ~ 5.1.1 (inclusive)

Jira Service Management Server 5.2.0 (inclusive) ~ 5.2.1 (inclusive)

Jira Service Management Server 5.3.0 (inclusive) ~ 5.3.3 (inclusive)

Jira Service Management Server 5.4.0 (inclusive) ~ 5.4.17 (inclusive)

Jira Service Management Server 5.5.0 (inclusive) ~ 5.5.1 (inclusive)

Jira Service Management Server 5.6.0 version

Jira Service Management Server 5.7.0 (inclusive) ~ 5.7.1 (inclusive)

Jira Software Data Center 8.20.0 version

Jira Software Data Center 9.0.0 version

Jira Software Data Center 9.1.0 (inclusive) ~ 9.1.1 (inclusive)

Jira Software Data Center 9.2.0 (inclusive) ~ 9.2.1 (inclusive)

Jira Software Data Center 9.3.0 (inclusive) ~ 9.3.3 (inclusive)

Jira Software Data Center 9.4.0 (inclusive) ~ 9.4.17 (inclusive)

Jira Software Data Center 9.5.0 (inclusive) ~ 9.5.1 (inclusive)

Jira Software Data Center 9.6.0 version

Jira Software Data Center 9.7.0 (inclusive) ~ 9.7.1 (inclusive)

Jira Software Server 8.20.0 version

Jira Software Server 9.0.0 version

Jira Software Server 9.1.0 (inclusive) ~ 9.1.1 (inclusive)

Jira Software Server 9.2.0 (inclusive) ~ 9.2.1 (inclusive)

Jira Software Server 9.3.0 (inclusive) ~ 9.3.3 (inclusive)

Jira Software Server 9.4.0 (inclusive) ~ 9.4.17 (inclusive)

Jira Software Server 9.5.0 (inclusive) ~ 9.5.1 (inclusive)

Jira Software Server 9.6.0 version

Jira Software Server 9.7.0 (inclusive) ~ 9.7.1 (inclusive)

CVE-2024-21687

Bamboo Data Center and Server versions: 9.6.0 (inclusive) ~ 9.6.3 LTS (inclusive)

Bamboo Data Center and Server versions: 9.5.0 (inclusive) ~ 9.5.2 (inclusive)

Bamboo Data Center and Server versions: 9.4.0 (inclusive) ~ 9.4.3 (inclusive)

Bamboo Data Center and Server versions: 9.3.0 (inclusive) ~ 9.3.6 (inclusive)

Bamboo Data Center and Server versions: 9.2.0 (inclusive) ~ 9.2.15 LTS (inclusive)

Bamboo Data Center and Server versions: 9.1.0 (inclusive) ~ 9.1.3 (inclusive)

Bamboo Data Center and Server versions: 9.0.0 (inclusive) ~ 9.0.4 (inclusive)

CVE-2024-21686

Confluence Data Center versions: ~ 8.9.0 (inclusive)

Confluence Data Center versions: 8.8.0 (inclusive) ~ 8.8.1 (inclusive)

Confluence Data Center versions: 8.7.0 (inclusive) ~ 8.7.2 (inclusive)

Confluence Data Center versions: 8.6.0 (inclusive) ~ 8.6.2 (inclusive)

Confluence Data Center versions: 8.5.0 (inclusive) ~ 8.5.8 LTS (inclusive)

Confluence Data Center versions: 8.4.0 (inclusive) ~ 8.4.5 (inclusive)

Confluence Data Center versions: 8.3.0 (inclusive) ~ 8.3.4 (inclusive)

Confluence Data Center versions: 8.2.0 (inclusive) ~ 8.2.3 (inclusive)

Confluence Data Center versions: 8.1.0 (inclusive) ~ 8.1.4 (inclusive)

Confluence Data Center versions: 8.0.0 (inclusive) ~ 8.0.4 (inclusive)

Confluence Data Center versions: 7.20.0 (inclusive) ~ 7.20.3 (inclusive)

Confluence Data Center versions: 7.19.0 (inclusive) ~ 7.19.21 LTS (inclusive)

Confluence Data Center versions: 7.18.0 (inclusive) ~ 7.18.3 (inclusive)

Confluence Data Center versions: 7.17.0 (inclusive) ~ 7.17.5 (inclusive)

Confluence Server versions: 8.5.0 (inclusive) ~ 8.5.8 LTS (inclusive)

Confluence Server versions: 8.4.0 (inclusive) ~ 8.4.5 (inclusive)

Confluence Server versions: 8.3.0 (inclusive) ~ 8.3.4 (inclusive)

Confluence Server versions: 8.2.0 (inclusive) ~ 8.2.3 (inclusive)

Confluence Server versions: 8.1.0 (inclusive) ~ 8.1.4 (inclusive)

Confluence Server versions: 8.0.0 (inclusive) ~ 8.0.4 (inclusive)

Confluence Server versions: 7.20.0 (inclusive) ~ 7.20.3 (inclusive)

Confluence Server versions: 7.19.0 (inclusive) ~ 7.19.21 LTS (inclusive)

Confluence Server versions: 7.18.0 (inclusive) ~ 7.18.3 (inclusive)

Confluence Server versions: 7.17.0 (inclusive) ~ 7.17.5 (inclusive)

Resolved Vulnerabilities

Vulnerability in Jira Software Data Center/Server that could allow a denial of service attack (CVE-2022-41966, CVSS 7.5) [1]

Vulnerability in Bamboo Data Center and Server that could allow an authenticated attacker to make the application display the contents of a local file, or execute another file already stored locally on the server (CVE-2024-21687) [3]

Vulnerability in Confluence Data Center/Server that could allow an authenticated attacker to execute arbitrary HTML or JavaScript code in the victim's browser (CVE-2024-21686) [6]

Vulnerability Patches

Follow the security bulletin published on July 16, 2024 [4] and update to the applicable fixed version listed below, or to the latest version.

CVE-2022-41966

Jira Service Management Data Center 5.4.18 version

Jira Service Management Data Center 5.8.0 version

Jira Service Management Data Center 5.12.0 version

Jira Service Management Server 5.4.18 version

Jira Service Management Server 5.8.0 version

Jira Service Management Server 5.12.0 version

Jira Software Data Center 9.4.18 version

Jira Software Data Center 9.7.2 version

Jira Software Data Center 9.8.0 version

Jira Software Data Center 9.12.0 version

Jira Software Server 9.4.18 version

Jira Software Server 9.8.0 version

Jira Software Server 9.12.0 version

CVE-2024-21687

Bamboo Data Center and Server 9.6.0 (inclusive) ~ 9.6.3 LTS (inclusive): update to 9.6.4 LTS

Bamboo Data Center and Server 9.5.0 (inclusive) ~ 9.5.2 (inclusive): update to 9.6.4 LTS

Bamboo Data Center and Server 9.4.0 (inclusive) ~ 9.4.3 (inclusive): update to 9.6.4 LTS

Bamboo Data Center and Server 9.3.0 (inclusive) ~ 9.3.6 (inclusive): update to 9.6.4 LTS

Bamboo Data Center and Server 9.2.0 (inclusive) ~ 9.2.15 LTS (inclusive): update to 9.6.4 LTS or 9.2.16 LTS

Bamboo Data Center and Server 9.1.0 (inclusive) ~ 9.1.3 (inclusive): update to 9.6.4 LTS or 9.2.16 LTS

Bamboo Data Center and Server 9.0.0 (inclusive) ~ 9.0.4 (inclusive): update to 9.6.4 LTS or 9.2.16 LTS

CVE-2024-21686

Confluence Data Center versions ~ 8.9.0 (inclusive): update to 8.9.1

Confluence Data Center 8.8.0 (inclusive) ~ 8.8.1 (inclusive): update to 8.9.1

Confluence Data Center 8.7.0 (inclusive) ~ 8.7.2 (inclusive): update to 8.9.1

Confluence Data Center 8.6.0 (inclusive) ~ 8.6.2 (inclusive): update to 8.9.1

Confluence Data Center 8.5.0 (inclusive) ~ 8.5.8 LTS (inclusive): update to 8.9.1 or 8.5.9 LTS

Confluence Data Center 8.4.0 (inclusive) ~ 8.4.5 (inclusive): update to 8.9.1 or 8.5.9 LTS

Confluence Data Center 8.3.0 (inclusive) ~ 8.3.4 (inclusive): update to 8.9.1 or 8.5.9 LTS

Confluence Data Center 8.2.0 (inclusive) ~ 8.2.3 (inclusive): update to 8.9.1 or 8.5.9 LTS

Confluence Data Center 8.1.0 (inclusive) ~ 8.1.4 (inclusive): update to 8.9.1 or 8.5.9 LTS

Confluence Data Center 8.0.0 (inclusive) ~ 8.0.4 (inclusive): update to 8.9.1 or 8.5.9 LTS

Confluence Data Center 7.20.0 (inclusive) ~ 7.20.3 (inclusive): update to 8.9.1 or 8.5.9 LTS

Confluence Data Center 7.19.0 (inclusive) ~ 7.19.21 LTS (inclusive): update to 8.9.1 or 8.5.9 LTS or 7.19.22 LTS

Confluence Data Center 7.18.0 (inclusive) ~ 7.18.3 (inclusive): update to 8.9.1 or 8.5.9 LTS or 7.19.22 LTS

Confluence Data Center 7.17.0 (inclusive) ~ 7.17.5 (inclusive): update to 8.9.1 or 8.5.9 LTS or 7.19.22 LTS

Confluence Server 8.5.0 (inclusive) ~ 8.5.8 LTS (inclusive): update to 8.5.9 LTS

Confluence Server 8.4.0 (inclusive) ~ 8.4.5 (inclusive): update to 8.5.9 LTS

Confluence Server 8.3.0 (inclusive) ~ 8.3.4 (inclusive): update to 8.5.9 LTS

Confluence Server 8.2.0 (inclusive) ~ 8.2.3 (inclusive): update to 8.5.9 LTS

Confluence Server 8.1.0 (inclusive) ~ 8.1.4 (inclusive): update to 8.5.9 LTS

Confluence Server 8.0.0 (inclusive) ~ 8.0.4 (inclusive): update to 8.5.9 LTS

Confluence Server 7.20.0 (inclusive) ~ 7.20.3 (inclusive): update to 8.5.9 LTS

Confluence Server 7.19.0 (inclusive) ~ 7.19.21 LTS (inclusive): update to 8.5.9 LTS or 7.19.22 LTS

Confluence Server 7.18.0 (inclusive) ~ 7.18.3 (inclusive): update to 8.5.9 LTS or 7.19.22 LTS

Confluence Server 7.17.0 (inclusive) ~ 7.17.5 (inclusive): update to 8.5.9 LTS or 7.19.22 LTS

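A version check against the Confluence Data Center ranges given above for CVE-2024-21686, added here as an example for inventory triage; it is not Atlassian's code and not part of the original advisory. It assumes the page's open-ended "~ 8.9.0 (inclusive)" entry means exactly 8.9.0 and treats the LTS label as informational.

```python
"""Check a Confluence Data Center version against the CVE-2024-21686
ranges in this advisory (example added here; not Atlassian's code)."""
import re
from typing import Optional, Tuple

# Affected ranges and fix versions copied from the advisory. The page's
# "~ 8.9.0 (inclusive)" entry has no lower bound, so it is treated as
# exactly 8.9.0 (assumption).
AFFECTED_CONFLUENCE_DC = [
    ("8.9.0", "8.9.0", ("8.9.1",)),
    ("8.8.0", "8.8.1", ("8.9.1",)),
    ("8.7.0", "8.7.2", ("8.9.1",)),
    ("8.6.0", "8.6.2", ("8.9.1",)),
    ("8.5.0", "8.5.8", ("8.9.1", "8.5.9")),
    ("8.4.0", "8.4.5", ("8.9.1", "8.5.9")),
    ("8.3.0", "8.3.4", ("8.9.1", "8.5.9")),
    ("8.2.0", "8.2.3", ("8.9.1", "8.5.9")),
    ("8.1.0", "8.1.4", ("8.9.1", "8.5.9")),
    ("8.0.0", "8.0.4", ("8.9.1", "8.5.9")),
    ("7.20.0", "7.20.3", ("8.9.1", "8.5.9")),
    ("7.19.0", "7.19.21", ("8.9.1", "8.5.9", "7.19.22")),
    ("7.18.0", "7.18.3", ("8.9.1", "8.5.9", "7.19.22")),
    ("7.17.0", "7.17.5", ("8.9.1", "8.5.9", "7.19.22")),
]

def parse_version(text: str) -> Tuple[int, ...]:
    """'8.5.8 LTS' -> (8, 5, 8): the LTS label is informational only."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def affected_by_cve_2024_21686(installed: str) -> Optional[Tuple[str, ...]]:
    """Fixed versions listed for the range containing `installed`, or None
    when the version is not in any listed range (patched or unlisted)."""
    v = parse_version(installed)
    for low, high, fixed in AFFECTED_CONFLUENCE_DC:
        if parse_version(low) <= v <= parse_version(high):
            return fixed
    return None

def recommended_upgrade(installed: str) -> Optional[str]:
    """Lowest fixed version listed for the affected range, i.e. the closest
    patched release; None when `installed` is not affected."""
    fixed = affected_by_cve_2024_21686(installed)
    return None if fixed is None else min(fixed, key=parse_version)
```

Versions that are not in any listed range (such as 7.16.x) come back as unaffected by this check, so the result says "not listed", not "safe".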
Referenced Sites

[1] DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Jira Software Data Center and Server

https://jira.atlassian.com/browse/JSWSERVER-25951

[2] Atlassian Security Advisories & Bulletins

https://www.atlassian.com/trust/security/advisories

[3] CVE-2024-21687 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-21687

[4] Security Bulletin – July 16 2024

https://confluence.atlassian.com/security/security-bulletin-july-16-2024-1417150917.html

[5] CVE-2024-21686 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-21686

[6] Stored XSS in Confluence Data Center and Server

https://jira.atlassian.com/browse/CONFSERVER-96134