ATLASSIAN FIXED SIX HIGH-SEVERITY BUGS IN CONFLUENCE DATA CENTER AND SERVER

10 months ago
June 20, 2024
0 replies
1 view

+54

Jasper_The_Rasper
Moderator
11603 replies

June 20, 2024 By Pierluigi Paganini

Australian software company Atlassian addressed multiple high-severity vulnerabilities in its Confluence, Crucible, and Jira solutions.

Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products.

The most severe issue addressed by the company is an improper authorization org.springframework.security:spring-security-core dependency in Confluence Data Center and Server. The flaw tracked as CVE-2024-22257 received a CVSS score of 8.2.

The Confluence Data Center and Server update resolved other five SSRF (Server-Side Request Forgery) and DoS vulnerabilities. Below is the list of the addressed flaws:

Released Security Vulnerabilities
Product & Release Notes	Affected Versions	Fixed Version	Vulnerability Summary	CVE ID	CVSS Severity
Confluence Data Center and Server	8.9.0 to 8.9.28.8.0 to 8.8.18.7.1 to 8.7.28.6.0 to 8.6.28.5.0 to 8.5.10 (LTS)8.4.0 to 8.4.58.3.0 to 8.3.48.2.0 to 8.2.38.1.0 to 8.1.48.0.0 to 8.0.47.20.0 to 7.20.37.19.0 to 7.19.23 (LTS)	8.9.3 Data Center Only8.5.11 (LTS) recommended7.19.24 (LTS)	Improper Authorization org.springframework.security:spring-security-core Dependency in Confluence Data Center and Server	CVE-2024-22257	8.2 High
			SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server	CVE-2024-22243	8.1 High
			SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server	CVE-2024-22262	8.1 High
			SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server	CVE-2024-22259	8.1 High
			DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server	CVE-2024-29133	7.5 High
			DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server	CVE-2024-29131	7.5 High

>>Full Article<<

Be the first to reply!

Australian software company Atlassian addressed multiple high-severity vulnerabilities in its Confluence, Crucible, and Jira solutions.

Reply

Related Topics

Google declares war against deceptive download buttons

Future Google Chrome Security Update Will Block Drive-By-Downloads

Eliminating Google Chrome extension adware

Chrome Extension Devs Use Sneaky Landing Pages after Google Bans Inline Installs

Google Declares War on the Password

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded