Atlassian fixed six high-severity bugs in Confluence

Summary: The Atlassian June 2024 Security Bulletin addressed multiple high-severity vulnerabilities in their Confluence, Crucible, and Jira products.

Threat Actor: None identified.

Victim: Atlassian.

Key Points:

  • The Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products.
  • The most severe vulnerability was an improper authorization dependency in Confluence Data Center and Server, which received a CVSS score of 8.2.
  • Other vulnerabilities addressed include five SSRF and DoS vulnerabilities in Confluence Data Center and Server, as well as a DoS vulnerability in Fisheye/Crucible.
  • Jira Data Center and Server also received fixes for several vulnerabilities.
  • No known attacks exploiting these vulnerabilities have been reported.

The Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products.

The most severe issue addressed by the company is an improper authorization flaw in the org.springframework.security:spring-security-core dependency in Confluence Data Center and Server. The flaw, tracked as CVE-2024-22257, received a CVSS score of 8.2.

The Confluence Data Center and Server update also resolved five other SSRF (Server-Side Request Forgery) and DoS vulnerabilities. Below is the list of the addressed flaws:

Confluence Data Center and Server versions 8.9.3, 8.5.11 (LTS), and 7.19.24 (LTS) addressed these vulnerabilities.

Atlassian also fixed a DoS vulnerability, tracked as CVE-2022-25647, in Fisheye/Crucible with the release of version 4.8.15.

The software firm also fixed the following vulnerabilities in Jira Data Center and Server:

The company is not aware of attacks in the wild exploiting the vulnerabilities fixed in the June 2024 Security Bulletin.

Pierluigi Paganini

Source: https://securityaffairs.com/164743/security/atlassian-confluence-crucible-jira-flaws.html