Bitbucket, Confluence & Co.: Atlassian closes DoS and malware gaps

Atlassian's developers have closed security vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd Data, Jira, Jira Service Management and Sourcetree.


Attackers can target systems running Atlassian applications and, in the worst case, compromise them. Security patches are available for download.

The closed gaps are listed in a security advisory. All are classified with a "high" threat level. If attackers successfully exploit the vulnerabilities, they can, among other things, cause denial-of-service (DoS) conditions or even execute malicious code.

In order to exploit the gaps, attackers have to work with prepared signatures or specially crafted HTTP/2 requests, among other things. According to the descriptions, this often works without authentication. However, the developers are not currently explaining in detail how such attacks could work.

So far, there are no reports of attacks already in progress. However, admins should not wait too long to install the security updates. Unfortunately, there are no indications so far as to which Indicators of Compromise (IoCs) admins can use to recognize instances that have already been attacked.

Atlassian states that the following releases are protected against the attacks described. The software vendor lists the vulnerable versions in the advisory.

  • Bamboo Data Center and Server 9.2.20 (LTS), 9.6.8 (LTS) recommended (Data Center only), 10.0.3 (Data Center only)
  • Bitbucket Data Center and Server 8.9.14 to 8.9.21 (LTS), 8.19.3 to 8.19.11 (LTS) recommended (Data Center only), 9.0.0 to 9.0.1 (Data Center only)
  • Confluence Data Center and Server 7.19.29 (LTS), 8.5.17 (LTS) recommended (Data Center only), 8.9.8 (Data Center only), 9.1.1 (Data Center only)
  • Crowd Data Center and Server 5.3.6 (Data Center only), 6.0.3 to 6.0.4 (Data Center only), 6.1.1 to 6.1.2 recommended (Data Center only)
  • Jira Data Center and Server 9.4.28 (LTS), 9.12.15 (LTS) recommended (Data Center only), 9.17.4 to 9.17.5 (Data Center only), 10.1.1 to 10.1.2 (Data Center only)
  • Jira Service Management Data Center and Server 5.4.28 (LTS), 5.12.15 (LTS) recommended, 10.1.1 to 10.1.2 (Data Center only)
  • Sourcetree (macOS) 4.2.9
  • Sourcetree (Windows) 3.4.19

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.