Alert!

Security gaps: Attacks on Atlassian Confluence & Co. possible

Security vulnerabilities threaten several Atlassian applications. Attackers can trigger crashes or gain unauthorized access to data.

This article was originally published in German and has been automatically translated.

Admins who manage company installations of Atlassian Confluence Data Center and Server, Fisheye/Crucible, Jira Data Center and Server or Jira Service Management Data Center and Server should install the available security patches promptly. Otherwise, attackers could target vulnerable systems.

According to a warning message, the developers have closed a total of nine vulnerabilities, all of which are classified as "high". Among other things, attackers can use these vulnerabilities for DoS attacks (CVE-2024-29131, CVE-2024-29133, CVE-2024-25647) that cause the software to crash. Unauthorized access to information is also conceivable (CVE-2024-21685). Attackers do not need to be authenticated to carry out successful attacks.

The developers state that they have closed the gaps in the following versions:

  • Confluence Data Center and Server 7.19.24 (LTS), 8.5.11 (LTS), 8.9.3 (Data Center only)
  • Fisheye/Crucible 4.8.15
  • Jira Data Center and Server 9.4.21 to 9.4.23 (LTS), 9.12.8 to 9.12.10 (LTS), 9.16.0 to 9.16.1 (Data Center only)
  • Jira Service Management Data Center and Server 5.4.21 to 5.4.23 (LTS), 5.12.8 to 5.12.10 (LTS), 5.16.0 to 5.16.1 (Data Center only)

Atlassian points out that there are no security updates for versions that are no longer supported. Anyone using such a version must upgrade. So far there is no information on attacks that are already underway. However, admins should not wait too long to install the secure versions.

(des)