Atlassian Products June 2024 Routine Security Update Advisory

Overview

 

An update has been released to address vulnerabilities in Atlassian products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

• Jira Data Center and Server versions: 9.12.0 (inclusive) ~ 9.12.7 (LTS) (inclusive)
• Jira Data Center and Server versions: 9.4.0 (inclusive) ~ 9.4.20 (LTS) (inclusive)
• Jira Service Management Data Center and Server version: 5.15.2
• Jira Service Management Data Center and Server versions : 5.12.0 (inclusive) ~ 5.12.7 (LTS) (inclusive)
• Jira Service Management Data Center and Server versions : 5.4.0 (inclusive) ~ 5.4.20 (LTS) (inclusive)

 

Resolved Vulnerabilities

 

Information disclosure vulnerability in Atlassian products that could allow an unauthenticated attacker to affect confidentiality (CVE-2024-21685)

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patched version.

 

• Jira Data Center versions: 9.16.0 (inclusive) ~ 9.16.1 (LTS) (inclusive)
• Jira Data Center and Server versions: 9.12.8 (inclusive) ~ 9.12.10 (LTS) recommended (inclusive)
• Jira Data Center and Server versions: 9.4.21 (inclusive) ~ 9.4.23 (LTS) (inclusive)
• Jira Service Management Data Center versions: 5.16.0 (inclusive) ~ 5.16.1 (inclusive)
• Jira Service Management Data Center and Server versions: 5.12.8 (inclusive) ~ 5.12.10 (LTS) recommended (inclusive)
• Jira Service Management Data Center and Server versions: 5.4.21 (inclusive) ~ 5.4.23 (LTS) (inclusive)

 

Referenced Sites

 

[1] CVE-2024-21685 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-21685

[2] Security Bulletin – June 18 2024
https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html