March 2024 Second Security Update Advisory for Atlassian Products

Mar 20 2024

Overview

Atlassian has released an update to address a vulnerability in our products. users of affected versions are advised to update to the latest version.

Affected Products

Cve-2024-1597, cve-2024-21634

Bamboo Data Center and Server 9.5.0 through 9.5.1 Versions
Bamboo Data Center and Server 9.4.0 through 9.4.3 Versions
Bamboo Data Center and Server 9.3.0 through 9.3.6 Versions
Bamboo Data Center and Server 9.2.0 through 9.2.11 (LTS) versions
Bamboo Data Center and Server 9.1.0 through 9.1.3 versions
Bamboo Data Center and Server 9.0.0 through 9.0.4 Versions
Bamboo Data Center and Server 8.2.0 through 8.2.9 versions

CVE-2024-21634

Bitbucket Data Center and Server 8.18.0 through 8.18.0 Versions
Bitbucket Data Center and Server 8.17.0 through 8.17.1 Versions
Bitbucket Data Center and Server 8.16.0 through 8.16.2 Versions
Bitbucket Data Center and Server 8.15.0 through 8.15.3 versions
Bitbucket Data Center and Server 8.14.0 through 8.14.4 versions
Bitbucket Data Center and Server 8.13.0 through 8.13.5 versions
Bitbucket Data Center and Server 8.12.0 through 8.12.3 Versions
Bitbucket Data Center and Server 8.11.0 through 8.11.1 versions
Bitbucket Data Center and Server 8.10.0 through 8.10.1 versions
Bitbucket Data Center and Server 8.9.0 through 8.9.9 (LTS) versions

Cve-2024-21677, cve-2023-36478

Confluence Data Center and Server 8.8.0 versions
Confluence Data Center and Server 8.7.0 through 8.7.2 versions
Confluence Data Center and Server 8.6.0 through 8.6.2 versions
Confluence Data Center and Server 8.5.0 through 8.5.6 (LTS) versions
Confluence Data Center and Server 8.4.0 through 8.4.5 (LTS) versions
Confluence Data Center and Server 8.3.0 through 8.3.4 (LTS) versions
Confluence Data Center and Server 8.2.0 through 8.2.3 versions
Confluence Data Center and Server 8.1.0 through 8.1.4 versions
Confluence Data Center and Server 8.0.0 through 8.0.4 versions
Confluence Data Center and Server 7.20.0 through 7.20.3 versions
Confluence Data Center and Server 7.19.0 (LTS) through 7.19.19 (LTS) versions
Confluence Data Center and Server 7.18.0 through 7.18.3 (LTS) versions
Confluence Data Center and Server 7.17.0 through 7.17.5 versions

CVE-2022-40150, CVE-2023-34455, CVE-2022-42890, CVE-2022-41704, CVE-2022-40146, CVE-2023-1436, CVE-2022-45685, CVE-2022-29546, CVE-2022-40149, CVE-2023-39410, Cve-2023-34454, cve-2023-34453, cve-2023-43642, cve-2022-3509, cve-2022-3171, cve-2023-5072, cve-2022-45688, cve-2022-34169, cve-2022-24839, cve-2022-28366

Jira Software Data Center and Server 9.12.0 through 9.12.2 LTS versions
Jira Software Data Center and Server 9.11.0 through 9.11.3 versions
Jira Software Data Center and Server 9.10.0 through 9.10.2 versions
Jira Software Data Center and Server 9.9.0 through 9.9.2 versions
Jira Software Data Center and Server 9.8.0 through 9.8.2 versions
Jira Software Data Center and Server 9.7.0 through 9.7.2 versions
Jira Software Data Center and Server 9.6.0 versions
Jira Software Data Center and Server 9.5.0 through 9.5.1 versions
Jira Software Data Center and Server 9.4.0 through 9.4.17 LTS versions
Jira Software Data Center and Server 9.3.0 through 9.3.3 versions
Jira Software Data Center and Server 9.2.0 through 9.2.1 versions
Jira Software Data Center and Server 9.1.0 through 9.1.1 versions
Jira Software Data Center and Server 9.0.0 versions

Resolved Vulnerabilities

SQL Injection Vulnerability in Bamboo Data Center and Server (CVE-2024-1597)

DoS vulnerability in Bamboo Data Center and Server and Bitbucket Data Center and Serve (CVE-2024-21634)

Path traversal vulnerability in Confluence Data Center (CVE-2024-21677)

DoS Vulnerability in Confluence Data Center and Server (CVE-2023-36478)

DoS vulnerabilities in Jira Software Data Center and Server (CVE-2022-40150, CVE-2023-34455, CVE-2023-1436, CVE-2022-45685, CVE-2022-29546, CVE-2022-40149, Cve-2023-39410, cve-2023-34454, cve-2023-34453, cve-2023-43642, cve-2022-3509, cve-2022-3171, cve-2023-5072, cve-2022-45688, cve-2022-24839, cve-2022-28366)

RCE Vulnerabilities in Jira Software Data Center and Server (CVE-2022-42890, CVE-2022-41704, CVE-2022-34169)

SSRF Vulnerability in Jira Software Data Center and Server (CVE-2022-40146)

Vulnerability Patches

vulnerability patches were made available in the March 19, 2024 update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

Cve-2024-1597, cve-2024-21634

Bamboo Data Center 9.6.0 (LTS) , 9.5.2 Versions
Bamboo Data Center and Server 9.4.4 version
Bamboo Data Center and Server 9.2.12 (LTS) version

CVE-2024-21634

Bitbucket Data Center 8.19.0 (LTS) version
Bitbucket Data Center and Server 8.18.1 (LTS) version
Bitbucket Data Center and Server 8.17.2 version
Bitbucket Data Center and Server 8.16.3 to 8.16.4 versions
Bitbucket Data Center and Server 8.15.4 to 8.15.5 Versions
Bitbucket Data Center and Server 8.14.5 to 8.14.6 Versions
Bitbucket Data Center and Server 8.13.6 Versions
Bitbucket Data Center and Server 8.9.10 to 8.9.11 (LTS) versions
Bitbucket Data Center and Server 7.21.22 to 7.21.23 (LTS) versions

Cve-2024-21677, cve-2023-36478

Confluence Data Center 8.8.1 version
Confluence Data Center and Server 8.5.7 (LTS) version
Confluence Data Center and Server 7.19.20 (LTS) version

Jira Software Data Center 9.14.1 version
Jira Software Data Center and Server versions 9.13.0 through 9.13.1
Jira Software Data Center and Server 9.12.3 to 9.12.5 (LTS) versions
Jira Software Data Center and Server 9.4.18 (LTS) versions

Referenced Sites

[1] Security Bulletin – March 19 2024

https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html

March 2024 Second Security Update Advisory for Atlassian Products

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Fortra Product Security Update Advisory (CVE-2024-25153)

MS Family March 2024 Routine Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Fortra Product Security Update Advisory (CVE-2024-25153)

MS Family March 2024 Routine Security Update Advisory