Patchday Atlassian: Bambo Data Center & Co. secured against possible attacks
Atlassian has released important security updates for various products. In most cases, attackers can cause services to crash.
(Image: Artur Szczybylo/Shutterstock.com)
Atlassian Bamboo Data Center and Server, Bitbucket Data Center and Server, Confluence Data Center and Server, Crowd Data Center and Server, Jira Data Center and Server and Jira Service Management Data Center and Server are vulnerable.
Security issues fixed
According to Atlassian's Security Center, all vulnerabilities have been assigned a “high” threat level. For example, attackers without authentication can use a vulnerability (CVE2025-24970) in Bitbucket Data Center and Server for DoS attacks.
In Confluence Data Center and Server, attackers can bypass the login (CVE-2025-2228), among other things. By successfully exploiting a vulnerability (CVE-2024-38816) in Crowd Data Center and Server, attackers can gain unauthorized access to data. Even if there are currently no indications of attacks, admins should not delay patching too long to be on the safe side.
Videos by heise
The following versions contain security updates:
- Bamboo Data Center and Server 10.2.3 (LTS) recommended Data Center Only, 9.6.14 (LTS) Data Center Only
- Bitbucket Data Center and Server 9.6.2 Data Center Only, 9.5.2 Data Center Only, 9.4.6 (LTS) recommended Data Center Only, 8.19.18 (LTS) Data Center Only, 8.9.27 (LTS)
- Confluence Data Center and Server 9.5.1 Data Center Only, 9.2.5 (LTS) recommended Data Center Only, 8.5.23 (LTS) Data Center Only
- Crowd Data Center and Server 5.3.6, 6.3.1
- Jira Data Center and Server 10.6.1 Data Center Only, 10.3.6 (LTS) recommended Data Center Only
- Jira Service Management Data Center and Server 10.6.1 Data Center Only, 10.3.6 (LTS) recommended Data Center Only
(des)
