Atlassian protects Confluence & Co. from possible DoS attacks
Several security vulnerabilities in various Atlassian applications jeopardize systems.
Attackers can exploit ten security vulnerabilities in Atlassian Bamboo, Bitbucket and Confluence and cause crashes, among other things.
Successful attacks result in DoS conditions in which the applications hang. In Bamboo Data Center and Server (CVE-2024-30172, "high"), this happens when a signature prepared by an attacker is processed.
Install security updates
All affected versions are listed in a warning message. All of the security vulnerabilities are assigned the threat level "high". So far there are no reports of ongoing attacks. However, admins should not wait too long to install the versions secured against the attacks described.
The versions containing the fixes are:
- Bamboo Data Center and Server 9.2.15 to 9.2.21 (LTS), 9.6.3 to 9.6.8 (LTS) recommended for Data Center only
- Bitbucket Data Center and Server 9.4.0 (LTS) Data Center only, 9.3.2 Data Center only, 8.19.12 (LTS) Data Center only, 8.9.22 (LTS)
- Confluence Data Center and Server 9.2.0 (LTS), 9.1.0 to 9.1.1 Data Center only, 8.9.8 Data Center only, 8.5.17 to 8.5.18 (LTS) recommended, 7.19.29 to 7.19.30 (LTS)
(des)