August 2024 Security Update Advisory for Atlassian Products

Overview

 

Atlassian (https://www.atlassian.com/) has released a security update that addresses vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2024-34750

Confluence Data Center 1.0.1 version

Confluence Data Center 7.19.0 version

Confluence Data Center 7.20.0 version

Confluence Data Center 8.0.0 version

Confluence Data Center 8.1.0 version

Confluence Data Center 8.2.0 version

Confluence Data Center 8.3.0 version

Confluence Data Center 8.4.0 version

Confluence Data Center 8.5.0 version

Confluence Data Center 8.6.0 version

Confluence Data Center 8.7.1 version

Confluence Data Center 8.8.0 version

Confluence Data Center 8.9.0 version

Confluence Server 1.0.1 version

Confluence Server 7.19.0 version

Confluence Server 7.20.0 version

Confluence Server 8.0.0 version

Confluence Server 8.1.0 version

Confluence Server 8.2.0 version

Confluence Server 8.3.0 version

Confluence Server 8.4.0 version

Confluence Server 8.5.0 version

Confluence Server 8.6.0 version

Confluence Server 8.7.1 version

Confluence Server 8.8.0 version

Confluence Server 8.9.0 version

Jira Service Management Data Center 5.4.0 (inclusive) ~ 5.4.24 (inclusive)

Jira Service Management Data Center 5.12.0 (inclusive) ~ 5.12.11 (inclusive)

Jira Service Management Data Center 5.15.0 version

Jira Service Management Data Center 5.16.0 version

Jira Service Management Data Center 5.17.0 version

Jira Service Management Server 5.4.0 (inclusive) ~ 5.4.24 (inclusive)

Jira Service Management Server 5.12.0 (inclusive) ~ 5.12.11 (inclusive)

Jira Service Management Server 5.15.0 version

Jira Service Management Server 5.16.0 version

Jira Service Management Server 5.17.0 version

Jira Software Data Center 9.4.0 (inclusive) ~ 9.4.24 (inclusive)

Jira Software Data Center 9.12.0 (inclusive) ~ 9.12.11 (inclusive)

Jira Software Data Center 9.15.0 version

Jira Software Data Center 9.16.0 version

Jira Software Data Center 9.17.0 version

Jira Software Server 9.4.0 (inclusive) ~ 9.4.24 (inclusive)

Jira Software Server 9.12.0 (inclusive) ~ 9.12.11 (inclusive)

Jira Software Server 9.15.0 version

Jira Software Server 9.16.0 version

Jira Software Server 9.17.0 version

 

CVE-2024-21689

 

Bamboo Data Center and Server 9.1.0 version

Bamboo Data Center and Server 9.2.0 version

Bamboo Data Center and Server 9.3.0 version

Bamboo Data Center and Server 9.4.0 version

Bamboo Data Center and Server 9.5.0 version

Bamboo Data Center and Server 9.6.0 version

 

CVE-2024-21690

 

Confluence Data Center and Server 7.19.0 version

Confluence Data Center and Server 7.20.0 version

Confluence Data Center and Server 8.0.0 version

Confluence Data Center and Server 8.1.0 version

Confluence Data Center and Server 8.2.0 version

Confluence Data Center and Server 8.3.0 version

Confluence Data Center and Server 8.4.0 version

Confluence Data Center and Server 8.5.0 version

Confluence Data Center and Server 8.6.0 version

Confluence Data Center and Server 8.7.1 version

Confluence Data Center and Server 8.8.0 version

Confluence Data Center and Server 8.9.0 version

 

 

Resolved Vulnerabilities

 

Vulnerability in Jira Software Data Center/Server that allows a denial of service attack (CVE-2024-34750, CVSS 7.5) [1]

Remote code execution vulnerability in Bamboo Data Center and Server (CVE-2024-21689, CVSS 7.6) [2]

Vulnerability that could allow an attacker to execute arbitrary HTML or JavaScript code in the victim’s browser and cause the end user to execute unwanted actions in a currently authenticated web application (CVE-2024-21690, CVSS 7.1) [3]

 

 

Vulnerability Patches

 

The following product-specific patched versions have been made available in the latest update. Please follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2024-34750

Confluence Data Center 7.19.26 version

Confluence Data Center 8.5.14 version

Confluence Data Center 8.9.5 version

Confluence Data Center 9.0.1 version

Confluence Server 7.19.26 version

Confluence Server 8.5.14 version

Confluence Server 8.9.5 version

Confluence Server 9.0.1 version

Jira Service Management Data Center 5.4.25 version

Jira Service Management Data Center 5.12.12 version

Jira Service Management Data Center 5.17.1 version

Jira Service Management Server 5.4.25 version

Jira Service Management Server 5.12.12 version

Jira Service Management Server 5.17.1 version

Jira Software Data Center 9.4.25 version

Jira Software Data Center 9.12.12 version

Jira Software Data Center 9.17.1 version

Jira Software Server 9.4.25 version

Jira Software Server 9.12.12 version

Jira Software Server 9.17.1 version

 

CVE-2024-21689

Bamboo Data Center and Server 9.2.17 version

Bamboo Data Center and Server 9.6.5 version

 

CVE-2024-21690

 

Confluence Data Center and Server 7.19.26 version

Confluence Data Center and Server 8.5.14 version

Confluence Data Center and Server 8.9.5 version

Confluence Data Center and Server 9.0.1 version

 

Referenced Sites

 

[1] DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

https://jira.atlassian.com/browse/JSWSERVER-26047

[2] RCE (Remote Code Execution) in Bamboo Data Center and Server

https://jira.atlassian.com/browse/BAM-25858

[3] Reflected XSS and CSRF (Cross-Site Request Forgery) in Confluence Data Center and Server

https://jira.atlassian.com/browse/CONFSERVER-97720

[4] Atlassian Security Advisories & Bulletins

https://www.atlassian.com/trust/security/advisories