Refine your search
27 vulnerabilities found for Confluence by Atlassian
CERTFR-2025-AVI-0903
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.28 | ||
| Atlassian | Jira | Jira Software Server versions 11.1.x antérieures à 11.1.0 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.0.x antérieures à 11.0.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.28 | ||
| Atlassian | Jira | Jira Service Management Server versions 11.0.x antérieures à 11.0.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.x antérieures à 10.0.2 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.1.x antérieures à 11.1.0 | ||
| Atlassian | Jira | Jira Software Server versions 11.0.x antérieures à 11.0.1 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.28 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.0.x antérieures à 11.0.1 | ||
| Atlassian | Jira | Jira Service Management Server versions 10.3.x antérieures à 10.3.12 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.x antérieures à 9.2.7 | ||
| Atlassian | Jira | Jira Service Management Server versions 11.1.x antérieures à 11.1.0 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.3.x antérieures à 10.3.12 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.28 | ||
| Atlassian | Jira | Jira Software Server versions 10.3.x antérieures à 10.3.12 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.1.x antérieures à 11.1.0 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.25 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.3.x antérieures à 10.3.12 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.28",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.28",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.28",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.7",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.28",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.25",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22166"
},
{
"name": "CVE-2025-22167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22167"
}
],
"initial_release_date": "2025-10-22T00:00:00",
"last_revision_date": "2025-10-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0903",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26567",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26567"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26566",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26566"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16410",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16410"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100907",
"url": "https://jira.atlassian.com/browse/CONFSERVER-100907"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26564",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26564"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16408",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16408"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16412",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16412"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16413",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16413"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16411",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16411"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26552",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26552"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26538",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26538"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26565",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26565"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16409",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16409"
}
]
}
CERTFR-2025-AVI-0794
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.24 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.7.x antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Server versions 10.3.x antérieures à 10.3.9 | ||
| Atlassian | Confluence | Confluence Server versions 9.5.x antérieures à 9.5.2 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.0.x antérieures à 11.0.1 | ||
| Atlassian | Confluence | Confluence Server versions 10.0.x antérieures à 10.0.3 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.3.x antérieures à 10.3.9 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.26 | ||
| Atlassian | Confluence | Confluence Server versions 9.2.x antérieures à 9.2.6 | ||
| Atlassian | Jira | Jira Service Management Server versions 11.0.x antérieures à 11.0.1 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.24 | ||
| Atlassian | Jira | Jira Service Management Server versions 10.3.x antérieures à 10.3.9 | ||
| Atlassian | Jira | Jira Software Server versions 11.0.x antérieures à 11.0.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.0.x antérieures à 11.0.1 | ||
| Atlassian | Jira | Jira Software Server versions 10.7.x antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.26 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.3.x antérieures à 10.3.9 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.2.x antérieures à 9.2.6 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.26 | ||
| Atlassian | Jira | Jira Service Management Server versions 10.7.x antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.7.x antérieures à 10.7.3 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.5.x antérieures à 9.5.2 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.0.x antérieures à 10.0.3 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.24",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.24",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2025-09-17T00:00:00",
"last_revision_date": "2025-09-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0794",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16367",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16367"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26500",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26500"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100795",
"url": "https://jira.atlassian.com/browse/CONFSERVER-100795"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16369",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16369"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26499",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26499"
}
]
}
CERTFR-2025-AVI-0593
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Service Management Data Center versions 10.x antérieures à 10.7.2 | ||
| Atlassian | Jira | Jira Service Management Server versions 10.x antérieures à 10.3.8 LTS | ||
| Atlassian | Jira | Jira Software Data Center versions 10.x antérieures à 10.7.2 | ||
| Atlassian | Jira | Jira Software Server versions 9.x antérieures à 9.12.25 LTS | ||
| Atlassian | Jira | Jira Software Server versions 10.x antérieures à 10.7.2 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.8 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions 10.x antérieures à 10.7.2 | ||
| Atlassian | Confluence | Confluence Server versions 9.x antérieures à 9.5.2 | ||
| Atlassian | Confluence | Confluence Server versions 9.x antérieures à 9.2.6 LTS | ||
| Atlassian | Jira | Jira Software Data Center versions 10.x antérieures à 10.3.8 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 9.x antérieures à 9.2.6 LTS | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.x antérieures à 5.12.25 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions 5.x antérieures à 5.12.25 LTS | ||
| Atlassian | Jira | Jira Software Data Center versions 9.x antérieures à 9.12.25 LTS | ||
| Atlassian | Jira | Jira Software Server versions 10.x antérieures à 10.3.8 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 9.x antérieures à 9.5.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Service Management Data Center versions 10.x ant\u00e9rieures \u00e0 10.7.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.3.8 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.x ant\u00e9rieures \u00e0 10.7.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 9.x ant\u00e9rieures \u00e0 9.12.25 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.7.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.8 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.7.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.2.6 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.8 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.6 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.x ant\u00e9rieures \u00e0 5.12.25 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.x ant\u00e9rieures \u00e0 5.12.25 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 9.x ant\u00e9rieures \u00e0 9.12.25 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.8 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27820"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
}
],
"initial_release_date": "2025-07-16T00:00:00",
"last_revision_date": "2025-07-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0593",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26443",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26443"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16310",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16310"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26442",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26442"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16309",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16309"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26470",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26470"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26468",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26468"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16269",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16269"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26469",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26469"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16308",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16308"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16311",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16311"
},
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100164",
"url": "https://jira.atlassian.com/browse/CONFSERVER-100164"
}
]
}
CERTFR-2025-AVI-0520
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Service Management Server versions 10.6.x antérieures à 10.6.1 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.6.x antérieures à 10.6.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.5.x antérieures à 9.5.1 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.6 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.6.x antérieures à 10.6.1 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.6.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.2.x antérieures à 9.2.5 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.3.6 | ||
| Atlassian | Confluence | Confluence Server versions 9.5.x antérieures à 9.5.1 | ||
| Atlassian | Confluence | Confluence Server versions 9.2.x antérieures à 9.2.5 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.6 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.4.x antérieures à 9.4.1 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.23 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.23 | ||
| Atlassian | Confluence | Confluence Server versions 9.4.x antérieures à 9.4.1 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.3.6 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Service Management Server versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.6",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.6.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.5",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.6",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.5",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.6",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.23",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.23",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.6",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2025-06-18T00:00:00",
"last_revision_date": "2025-06-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0520",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99921",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99921"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99835",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99835"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16260",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16260"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26411",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26411"
}
]
}
CERTFR-2025-AVI-0435
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.3.2 | ||
| Atlassian | Jira | Jira Core Data Center versions antérieures à 9.12.22 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.22 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.6.0 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.6.0 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.2.4 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.22 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.3.2 | ||
| Atlassian | Jira | Jira Core Server versions antérieures à 10.5.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.5 | ||
| Atlassian | Jira | Jira Core Server versions antérieures à 10.3.5 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.5.1 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.4 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.4.1 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 9.12.22 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.5 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.5.1 | ||
| Atlassian | Jira | Jira Core Data Center versions antérieures à 10.5.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.22 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.22 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.4.1 | ||
| Atlassian | Jira | Jira Core Server versions antérieures à 10.6.0 | ||
| Atlassian | Jira | Jira Core Data Center versions antérieures à 10.6.0 | ||
| Atlassian | Jira | Jira Core Data Center versions antérieures à 10.3.5 | ||
| Atlassian | Jira | Jira Core Server versions antérieures à 9.12.22 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 9.12.22 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 9.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.22",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.6.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.6.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.5.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.5.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.4.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 9.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.5.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.5.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.22",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.6.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.6.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions ant\u00e9rieures \u00e0 9.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 9.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-22157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22157"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
}
],
"initial_release_date": "2025-05-21T00:00:00",
"last_revision_date": "2025-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0435",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99686",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99686"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16206",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16206"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16207",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16207"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99568",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99568"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JRASERVER-78766",
"url": "https://jira.atlassian.com/browse/JRASERVER-78766"
}
]
}
CERTFR-2025-AVI-0316
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.21 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.3.2 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.5.1 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.2.3 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.22 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.3.2 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.5 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.5.1 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.21 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.3.5 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.5 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.5.1 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.22 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.22 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.22 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.5.1 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.3.5 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.4.0 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.21",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.5.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.5.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.21",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.5.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.5.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2025-04-16T00:00:00",
"last_revision_date": "2025-04-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0316",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99547",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99547"
},
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26359",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26359"
},
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16144",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16144"
},
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99540",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99540"
}
]
}
CERTFR-2025-AVI-0144
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.19 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.19 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.15 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.4.28 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.17.4 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.2.1 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.15 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.1.2 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.1 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.4.28 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.17.4 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.1.2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.19",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.19",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.28",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.1.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.28",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.1.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
}
],
"initial_release_date": "2025-02-19T00:00:00",
"last_revision_date": "2025-02-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0144",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26299",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26299"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99216",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99216"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99215",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99215"
}
]
}
CERTFR-2024-AVI-1067
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center et Server versions 8.5.x antérieures à 8.5.12 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 7.19.x antérieures à 7.19.25 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.9.4 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.9.x antérieures à 8.9.4 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.12 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 7.19.25 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.1.x antérieures à 9.1.0 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.2.0 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 7.19.x ant\u00e9rieures \u00e0 7.19.25",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.9.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.9.x ant\u00e9rieures \u00e0 8.9.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 7.19.25",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.1.x ant\u00e9rieures \u00e0 9.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2023-45859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45859"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
}
],
"initial_release_date": "2024-12-11T00:00:00",
"last_revision_date": "2024-12-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1067",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98713",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98713"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98680",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98680"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98301",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98301"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98300",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98300"
}
]
}
CERTFR-2024-AVI-1006
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Core Data Center versions 9.12.x antérieures à 9.12.15 LTS | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.17.x antérieures à 5.17.4 | ||
| Atlassian | Jira | Jira Core Server versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions 8.5.x antérieures à 8.5.17 LTS | ||
| Atlassian | Jira | Jira Core Server versions 9.4.x antérieures à 9.4.28 LTS | ||
| Atlassian | Jira | Jira Core Server versions 9.17.x antérieures à 9.17.4 | ||
| Atlassian | Jira | Jira Service Management Server versions 5.17.x antérieures à 5.17.4 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.x antérieures à 8.9.8 | ||
| Atlassian | Jira | Jira Core Data Center versions 9.17.x antérieures à 9.17.4 | ||
| Atlassian | Jira | Jira Core Server versions 9.12.x antérieures à 9.12.15 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions 8.x antérieures à 8.9.8 | ||
| Atlassian | Jira | Jira Service Management Server versions 5.12.x antérieures à 5.12.15 LTS | ||
| Atlassian | Jira | Jira Core Data Center versions 9.4.x antérieures à 9.4.28 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions 5.4.x antérieures à 5.4.28 LTS | ||
| Atlassian | Jira | Jira Core Data Center versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.5.x antérieures à 8.5.17 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 9.x antérieures à 9.1.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.12.x antérieures à 5.12.15 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 7.19.x antérieures à 7.19.29 LTS | ||
| Atlassian | Confluence | Confluence Server versions 7.19.x antérieures à 7.19.29 LTS | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.4.x antérieures à 5.4.28 LTS |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Core Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 8.9.8",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.x ant\u00e9rieures \u00e0 8.9.8",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
}
],
"initial_release_date": "2024-11-20T00:00:00",
"last_revision_date": "2024-11-20T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1006",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98022",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98022"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98299",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98299"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98481",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98481"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98442",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98442"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15626",
"url": "https://jira.atlassian.com/browse/JSDSERVER-15626"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15689",
"url": "https://jira.atlassian.com/browse/JSDSERVER-15689"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98484",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98484"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JRASERVER-78199",
"url": "https://jira.atlassian.com/browse/JRASERVER-78199"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98231",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98231"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98021",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98021"
}
]
}
CERTFR-2024-AVI-0788
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions 7.20.x à 8.x antérieures à 8.5.12 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 7.19.26 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.9.x antérieures à 8.9.4 | ||
| Atlassian | Confluence | Confluence Server versions 7.x antérieures à 7.19.26 | ||
| Atlassian | Confluence | Confluence Server versions 7.20.x à 8.x antérieures à 8.5.12 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions 7.20.x \u00e0 8.x ant\u00e9rieures \u00e0 8.5.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.26",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.9.x ant\u00e9rieures \u00e0 8.9.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 7.x ant\u00e9rieures \u00e0 7.19.26",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 7.20.x \u00e0 8.x ant\u00e9rieures \u00e0 8.5.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
}
],
"initial_release_date": "2024-09-18T00:00:00",
"last_revision_date": "2024-09-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0788",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-09-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-97723",
"url": "https://jira.atlassian.com/browse/CONFSERVER-97723"
},
{
"published_at": "2024-09-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-97711",
"url": "https://jira.atlassian.com/browse/CONFSERVER-97711"
}
]
}
CERTFR-2024-AVI-0703
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance, une injection de code indirecte à distance (XSS) et une injection de requêtes illégitimes par rebond (CSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center et Server versions 8.9.x antérieures à 8.9.5 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.x antérieures à 8.5.14 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions antérieures à 7.19.26 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 9.17.x antérieures à 9.17.1 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 9.4.x antérieures à 9.4.25 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.x antérieures à 9.0.1 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.12 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center et Server versions 8.9.x ant\u00e9rieures \u00e0 8.9.5",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.x ant\u00e9rieures \u00e0 8.5.14",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions ant\u00e9rieures \u00e0 7.19.26",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 9.17.x ant\u00e9rieures \u00e0 9.17.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.25",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.x ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.12",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21690"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
}
],
"initial_release_date": "2024-08-21T00:00:00",
"last_revision_date": "2024-08-21T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0703",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-97720",
"url": "https://jira.atlassian.com/browse/CONFSERVER-97720"
},
{
"published_at": "2024-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26047",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26047"
},
{
"published_at": "2024-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-97657",
"url": "https://jira.atlassian.com/browse/CONFSERVER-97657"
}
]
}
CERTFR-2024-AVI-0616
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Atlassian. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions 8.6.x à 8.9.x antérieures à 8.9.4 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.x antérieures à 8.5.12 | ||
| Atlassian | Confluence | Confluence Server versions 8.6.x à 8.9.x antérieures à 8.9.4 | ||
| Atlassian | Confluence | Confluence Server versions 8.x antérieures à 8.5.12 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 7.19.25 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 7.19.25 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions 8.6.x \u00e0 8.9.x ant\u00e9rieures \u00e0 8.9.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 8.5.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.6.x \u00e0 8.9.x ant\u00e9rieures \u00e0 8.9.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.x ant\u00e9rieures \u00e0 8.5.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.25",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 7.19.25",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
}
],
"initial_release_date": "2024-07-22T00:00:00",
"last_revision_date": "2024-07-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0616",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Atlassian. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96135",
"url": "https://jira.atlassian.com/browse/CONFSERVER-96135"
}
]
}
CERTFR-2024-AVI-0590
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.0 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 7.19.25 LTS | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.4.18 LTS | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.8.0 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.8.0 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.12 LTS | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.4.18 LTS | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.0 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.12 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.9.4 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 7.19.25 LTS |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.0 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.25 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.18 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.8.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.8.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.12 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.18 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.0 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.12 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.9.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 7.19.25 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2024-21686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21686"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2019-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12402"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
}
],
"initial_release_date": "2024-07-17T00:00:00",
"last_revision_date": "2024-07-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0590",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96100",
"url": "https://jira.atlassian.com/browse/CONFSERVER-96100"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96103",
"url": "https://jira.atlassian.com/browse/CONFSERVER-96103"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96099",
"url": "https://jira.atlassian.com/browse/CONFSERVER-96099"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25951",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25951"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96101",
"url": "https://jira.atlassian.com/browse/CONFSERVER-96101"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96102",
"url": "https://jira.atlassian.com/browse/CONFSERVER-96102"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96134",
"url": "https://jira.atlassian.com/browse/CONFSERVER-96134"
}
]
}
CERTFR-2024-AVI-0432
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.9.1 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 7.19.22 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.8.0 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.11.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.7 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.0 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.15.2 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.9 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.7.2 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.4.20 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.15.2 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.4.20 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.9.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.22",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.8.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.11.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.15.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.9",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.7.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.20",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.15.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.20",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-45859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45859"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"name": "CVE-2024-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21683"
}
],
"initial_release_date": "2024-05-22T00:00:00",
"last_revision_date": "2024-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0432",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25950",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25950"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25949",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25949"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95839",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95839"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25896",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25896"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95834",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95834"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95832",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25948",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25948"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25905",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25905"
}
]
}
CERTFR-2024-AVI-0312
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center versions 9.12.x LTS antérieures à 9.12.7 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.4.19 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 7.x LTS antérieures 7.19.20 LTS | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.4.19 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.7.1 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.15.0 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.6 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.7 LTS | ||
| Atlassian | Confluence | Confluence Server versions 7.x LTS antérieures 7.19.20 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 8.x LTS antérieures à 8.5.7 LTS | ||
| Atlassian | Jira | Jira Software Server versions 9.1.x, 9.2.x, 9.3.x et 9.4.x antérieures à 9.4.18 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.6 | ||
| Atlassian | Jira | Jira Software Data Center versions 9.1.x, 9.2.x, 9.3.x et 9.4.x antérieures à 9.4.18 LTS | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.7 LTS |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center versions 9.12.x LTS ant\u00e9rieures \u00e0 9.12.7 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.4.19 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 7.x LTS ant\u00e9rieures 7.19.20 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.4.19 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.7.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.15.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.6",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.7 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 7.x LTS ant\u00e9rieures 7.19.20 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.x LTS ant\u00e9rieures \u00e0 8.5.7 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 9.1.x, 9.2.x, 9.3.x et 9.4.x ant\u00e9rieures \u00e0 9.4.18 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.6",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 9.1.x, 9.2.x, 9.3.x et 9.4.x ant\u00e9rieures \u00e0 9.4.18 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.7 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
}
],
"initial_release_date": "2024-04-17T00:00:00",
"last_revision_date": "2024-04-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0312",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-17T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour du r\u00e9sum\u00e9",
"revision_date": "2024-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Atlassian\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15248 du 16 avril 2024",
"url": "https://jira.atlassian.com/browse/JSDSERVER-15248"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25885 du 16 avril 2024",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25885"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25892 du 16 avril 2024",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25892"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95099 du 16 avril 2024",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95099"
}
]
}
CERTFR-2024-AVI-0040
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Atlassian Confluence et Jira. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions LTS 8.5.x antérieures à la version 8.5.5 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.x antérieures à la version 8.7.2 | ||
| Atlassian | Jira | Jira Service Management Data Center et Jira Service Management Server versions 4.20.x antérieures à la version 4.20.30 | ||
| Atlassian | Jira | Jira Data Center et Jira Server versions 9.x antérieures à la version 9.7.0 | ||
| Atlassian | Confluence | Confluence Data Center versions 7.x antérieures à la version 7.19.18 | ||
| Atlassian | Confluence | Confluence Server versions 7.x antérieures à la version 7.19.18 | ||
| Atlassian | Confluence | Confluence Server versions 8.5.x antérieures à la version 8.5.5 | ||
| Atlassian | Jira | Jira Service Management Data Center et Jira Service Management Server versions 5.x antérieures à la version 5.12.2 | ||
| Atlassian | Jira | Jira Service Management Data Center et Jira Service Management Server versions LTS 5.4.x antérieures à la version 5.4.15 | ||
| Atlassian | Jira | Jira Data Center et Jira Server versions LTS 9.4.x antérieures à la version 9.4.13 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions LTS 8.5.x ant\u00e9rieures \u00e0 la version 8.5.5",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 la version 8.7.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Jira Service Management Server versions 4.20.x ant\u00e9rieures \u00e0 la version 4.20.30",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Data Center et Jira Server versions 9.x ant\u00e9rieures \u00e0 la version 9.7.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 7.x ant\u00e9rieures \u00e0 la version 7.19.18",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 7.x ant\u00e9rieures \u00e0 la version 7.19.18",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 la version 8.5.5",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Jira Service Management Server versions 5.x ant\u00e9rieures \u00e0 la version 5.12.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Jira Service Management Server versions LTS 5.4.x ant\u00e9rieures \u00e0 la version 5.4.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Data Center et Jira Server versions LTS 9.4.x ant\u00e9rieures \u00e0 la version 9.4.13",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21672"
},
{
"name": "CVE-2023-22527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22527"
},
{
"name": "CVE-2022-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2022-44729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44729"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2023-22526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22526"
},
{
"name": "CVE-2024-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21673"
}
],
"initial_release_date": "2024-01-16T00:00:00",
"last_revision_date": "2024-01-16T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0040",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian\nConfluence et Jira. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Confluence et Jira",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian 1333335615 du 16 janvier 2024",
"url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian 1333990257 du 16 janvier 2024",
"url": "https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html"
}
]
}
CERTFR-2023-AVI-1001
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Atlassian Confluence. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions 8.7.x antérieures à 8.7.1 (Data Center seulement) | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.4.x antérieures à 8.4.5 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.5.x antérieures à 8.5.4 (LTS) | ||
| Atlassian | Confluence | Confluence Data Center versions 8.6.x antérieures à 8.6.2 (Data Center seulement) | ||
| Atlassian | Confluence | Confluence Data Center et Server versions antérieures à 7.19.17 (LTS) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions 8.7.x ant\u00e9rieures \u00e0 8.7.1 (Data Center seulement)",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.4.x ant\u00e9rieures \u00e0 8.4.5",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.4 (LTS)",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.6.x ant\u00e9rieures \u00e0 8.6.2 (Data Center seulement)",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions ant\u00e9rieures \u00e0 7.19.17 (LTS)",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22522"
}
],
"initial_release_date": "2023-12-06T00:00:00",
"last_revision_date": "2023-12-06T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1001",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Atlassian Confluence. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Atlassian Confluence",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-93502 du 05 d\u00e9cembre 2023",
"url": "https://confluence.atlassian.com/security/cve-2023-22522-rce-vulnerability-in-confluence-data-center-and-confluence-server-1319570362.html"
}
]
}
CERTFR-2023-AVI-0899
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Atlassian Confluence Data Center et Server. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center et Server versions antérieures à 7.19.16 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.6.x antérieures à 8.6.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.4.x antérieures à 8.4.4 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.5.x antérieures à 8.5.3 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.3.x antérieures à 8.3.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center et Server versions ant\u00e9rieures \u00e0 7.19.16",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.6.x ant\u00e9rieures \u00e0 8.6.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.4.x ant\u00e9rieures \u00e0 8.4.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.3.x ant\u00e9rieures \u00e0 8.3.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22518",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22518"
}
],
"initial_release_date": "2023-10-31T00:00:00",
"last_revision_date": "2023-10-31T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0899",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Atlassian Confluence Data Center\net Server. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Atlassian Confluence Data Center et Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CVE-2023-22518 du 30 octobre 2023",
"url": "https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html"
}
]
}
CERTFR-2023-AVI-0803
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Atlassian Confluence. Elle permet à un attaquant de provoquer une élévation de privilèges et un contournement de la politique de sécurité.
L'éditeur a connaissance d'un rapport indiquant que la vulnérabilité a été exploitée sur des instances Confluence Data Center et Server accessibles depuis internet.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center et Confluence Server versions 8.4.x antérieures à 8.4.3 | ||
| Atlassian | Confluence | Confluence Data Center et Confluence Server versions 8.0.x à 8.3.x antérieures à 8.3.3 | ||
| Atlassian | Confluence | Confluence Data Center et Confluence Server versions 8.5.x antérieures à 8.5.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center et Confluence Server versions 8.4.x ant\u00e9rieures \u00e0 8.4.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Confluence Server versions 8.0.x \u00e0 8.3.x ant\u00e9rieures \u00e0 8.3.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22515",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22515"
}
],
"initial_release_date": "2023-10-05T00:00:00",
"last_revision_date": "2023-10-06T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0803",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-05T00:00:00.000000"
},
{
"description": "Ajout du risque \"Contournement de la politiique de s\u00e9curit\u00e9\" suite \u00e0 la mise \u00e0 jour de l\u0027avis par l\u0027\u00e9diteur.",
"revision_date": "2023-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Atlassian Confluence. Elle\npermet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et un\ncontournement de la politique de s\u00e9curit\u00e9.\n\nL\u0027\u00e9diteur a connaissance d\u0027un rapport indiquant que la vuln\u00e9rabilit\u00e9 a\n\u00e9t\u00e9 exploit\u00e9e sur des instances Confluence Data Center et Server\naccessibles depuis internet.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Atlassian Confluence",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian 1295682276 du 04 octobre 2023",
"url": "https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html"
}
]
}
CERTFR-2022-AVI-521
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Atlassian Confluence. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Server et Data Center versions 7.18.x antérieures à 7.18.1 | ||
| Atlassian | Confluence | Confluence Server et Data Center versions 7.15.x antérieures à 7.15.2 | ||
| Atlassian | Confluence | Confluence Server et Data Center versions 7.13.x antérieures à 7.13.7 | ||
| Atlassian | Confluence | Confluence Server et Data Server versions 1.3.0 à 7.4.x antérieures à 7.4.17 | ||
| Atlassian | Confluence | Confluence Server et Data Center versions 7.17.x antérieures à 7.17.4 | ||
| Atlassian | Confluence | Confluence Server et Data Center versions 7.14.x antérieures à 7.14.3 | ||
| Atlassian | Confluence | Confluence Server et Data Center versions 7.16.x antérieures à 7.16.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Server et Data Center versions 7.18.x ant\u00e9rieures \u00e0 7.18.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server et Data Center versions 7.15.x ant\u00e9rieures \u00e0 7.15.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server et Data Center versions 7.13.x ant\u00e9rieures \u00e0 7.13.7",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server et Data Server versions 1.3.0 \u00e0 7.4.x ant\u00e9rieures \u00e0 7.4.17",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server et Data Center versions 7.17.x ant\u00e9rieures \u00e0 7.17.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server et Data Center versions 7.14.x ant\u00e9rieures \u00e0 7.14.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server et Data Center versions 7.16.x ant\u00e9rieures \u00e0 7.16.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26134"
}
],
"initial_release_date": "2022-06-03T00:00:00",
"last_revision_date": "2022-06-03T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-521",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Atlassian Confluence. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Atlassian Confluence",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian du 02 juin 2022",
"url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html"
}
]
}
CERTFR-2021-AVI-677
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Atlassian Confluence Server et Data Center. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
La vulnérabilité CVE-2021-26084 est activement exploitée. De plus, des codes d'exploitation sont disponibles publiquement sur Internet.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Atlassian Confluence Server et Data Center versions 7.12.x antérieures à 7.12.5 | ||
| Atlassian | Confluence | Atlassian Confluence Server et Data Center versions antérieures à 6.13.23 | ||
| Atlassian | Confluence | Atlassian Confluence Server et Data Center versions 7.5.x à 7.11.x antérieures à 7.11.6 | ||
| Atlassian | Confluence | Atlassian Confluence Server et Data Center versions 6.14.x à 7.4.x antérieures à 7.4.11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Atlassian Confluence Server et Data Center versions 7.12.x ant\u00e9rieures \u00e0 7.12.5",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Atlassian Confluence Server et Data Center versions ant\u00e9rieures \u00e0 6.13.23",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Atlassian Confluence Server et Data Center versions 7.5.x \u00e0 7.11.x ant\u00e9rieures \u00e0 7.11.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Atlassian Confluence Server et Data Center versions 6.14.x \u00e0 7.4.x ant\u00e9rieures \u00e0 7.4.11",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26084"
},
{
"name": "CVE-2021-26085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26085"
}
],
"initial_release_date": "2021-09-06T00:00:00",
"last_revision_date": "2021-09-06T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-677",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian\nConfluence Server et Data Center. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2021-26084 est activement exploit\u00e9e. De plus, des\ncodes d\u0027exploitation sont disponibles publiquement sur Internet.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Confluence Server et Data Center",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CVE-2021-26084 du 25 ao\u00fbt 2021",
"url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-67893 du 29 juillet 2021",
"url": "https://jira.atlassian.com/browse/CONFSERVER-67893"
}
]
}
CERTFR-2021-ALE-018
Vulnerability from certfr_alerte
Le 25 août 2021, Atlassian a publié un avis de sécurité alertant de l'existence d'une vulnérabilité affectant la solution de travail collaboratif Confluence, référencée CVE-2021-26084.
L'éditeur, ainsi que plusieurs autres sources, indiquent que la vulnérabilité CVE-2021-26084, qui permet à un attaquant non authentifié d'exécuter du code arbitraire à distance, est activement exploitée. Le 3 septembre 2021, l'éditeur confirme par ailleurs que toutes les versions citées ci-dessus sont vulnérables, quelles que soient leurs configurations.
Le CERT-FR a également connaissance de campagnes d'identification de serveurs Confluence exposés sur Internet. De plus, des codes d'exploitation sont disponibles publiquement pour cette vulnérabilité.
Solution
Le CERT-FR recommande très fortement d'appliquer les correctifs sans délai au vu des risques d'exploitation. Dans le cas où la mise à jour ne peut pas être effectuée rapidement, l'éditeur propose un contournement temporaire (*).
Le CERT-FR rappelle également que ce type de service ne devrait pas être exposé sur Internet [1].
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
(*) La mise à jour d’un produit ou d’un logiciel est une opération délicate qui doit être menée avec prudence. Il est notamment recommandé d’effectuer des tests autant que possible. Des dispositions doivent également être prises pour garantir la continuité de service en cas de difficultés lors de l’application des mises à jour comme des correctifs ou des changements de version.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Atlassian Confluence Server et Data Center versions 7.12.x antérieures à 7.12.5 | ||
| Atlassian | Confluence | Atlassian Confluence Server et Data Center versions antérieures à 6.13.23 | ||
| Atlassian | Confluence | Atlassian Confluence Server et Data Center versions 7.5.x à 7.11.x antérieures à 7.11.6 | ||
| Atlassian | Confluence | Atlassian Confluence Server et Data Center versions 6.14.x à 7.4.x antérieures à 7.4.11 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Atlassian Confluence Server et Data Center versions 7.12.x ant\u00e9rieures \u00e0 7.12.5",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Atlassian Confluence Server et Data Center versions ant\u00e9rieures \u00e0 6.13.23",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Atlassian Confluence Server et Data Center versions 7.5.x \u00e0 7.11.x ant\u00e9rieures \u00e0 7.11.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Atlassian Confluence Server et Data Center versions 6.14.x \u00e0 7.4.x ant\u00e9rieures \u00e0 7.4.11",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2022-01-05",
"content": "## Solution\n\n**Le CERT-FR recommande tr\u00e8s fortement d\u0027appliquer les correctifs sans\nd\u00e9lai au vu des risques d\u0027exploitation.** Dans le cas o\u00f9 la mise \u00e0 jour\nne peut pas \u00eatre effectu\u00e9e rapidement, l\u0027\u00e9diteur propose un\ncontournement temporaire (\\*).\n\n**Le CERT-FR rappelle \u00e9galement que ce type de service ne devrait pas\n\u00eatre expos\u00e9 sur Internet \\[1\\].**\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n------------------------------------------------------------------------\n\n(\\*) La mise \u00e0 jour d\u2019un produit ou d\u2019un logiciel est une op\u00e9ration\nd\u00e9licate qui doit \u00eatre men\u00e9e avec prudence. Il est notamment recommand\u00e9\nd\u2019effectuer des tests autant que possible. Des dispositions doivent\n\u00e9galement \u00eatre prises pour garantir la continuit\u00e9 de service en cas de\ndifficult\u00e9s lors de l\u2019application des mises \u00e0 jour comme des correctifs\nou des changements de version.\n",
"cves": [
{
"name": "CVE-2021-26084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26084"
}
],
"initial_release_date": "2021-09-06T00:00:00",
"last_revision_date": "2022-01-05T00:00:00",
"links": [
{
"title": "Avis CERT-FR CERTFR-2021-AVI-677 du 06 septembre 2021",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-677/"
},
{
"title": "[1] Guide ANSSI sur le nomadisme num\u00e9rique",
"url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
}
],
"reference": "CERTFR-2021-ALE-018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-06T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2022-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Le 25 ao\u00fbt 2021, Atlassian a publi\u00e9 un avis de s\u00e9curit\u00e9 alertant de\nl\u0027existence d\u0027une vuln\u00e9rabilit\u00e9 affectant la solution de travail\ncollaboratif Confluence, r\u00e9f\u00e9renc\u00e9e CVE-2021-26084.\n\nL\u0027\u00e9diteur, ainsi que plusieurs autres sources, indiquent que la\nvuln\u00e9rabilit\u00e9 CVE-2021-26084, qui permet \u00e0 un attaquant non authentifi\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance, est activement exploit\u00e9e. Le 3\nseptembre 2021, l\u0027\u00e9diteur confirme par ailleurs que toutes les versions\ncit\u00e9es ci-dessus sont vuln\u00e9rables, quelles que soient leurs\nconfigurations.\n\nLe CERT-FR a \u00e9galement connaissance de campagnes d\u0027identification de\nserveurs Confluence expos\u00e9s sur Internet. De plus, des codes\nd\u0027exploitation sont disponibles publiquement pour cette vuln\u00e9rabilit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Atlassian Confluence Server et Data Center",
"vendor_advisories": [
{
"published_at": "2021-08-25",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CVE-2021-26084",
"url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html"
}
]
}
CVE-2019-3398 (GCVE-0-2019-3398)
Vulnerability from nvd
Published
2019-04-18 17:21
Modified
2025-10-21 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path Traversal
Summary
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Confluence |
Version: 2.0.0 < unspecified Version: unspecified < 6.6.13 Version: 6.7.0 < unspecified Version: unspecified < 6.12.4 Version: 6.13.0 < unspecified Version: unspecified < 6.13.4 Version: 6.14.0 < unspecified Version: unspecified < 6.14.3 Version: 6.15.0 < unspecified Version: unspecified < 6.15.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102"
},
{
"name": "20190424 Confluence Security Advisory - 2019-04-17",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html"
},
{
"name": "108067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108067"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-3398",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T12:26:29.325819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3398"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:39.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3398"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2019-3398 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Confluence",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "6.6.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.7.0",
"versionType": "custom"
},
{
"lessThan": "6.12.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.13.0",
"versionType": "custom"
},
{
"lessThan": "6.13.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.14.0",
"versionType": "custom"
},
{
"lessThan": "6.14.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.15.0",
"versionType": "custom"
},
{
"lessThan": "6.15.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has \u0027Admin\u0027 permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T17:06:43.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102"
},
{
"name": "20190424 Confluence Security Advisory - 2019-04-17",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html"
},
{
"name": "108067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108067"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-04-17T00:00:00",
"ID": "CVE-2019-3398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Confluence",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_value": "6.6.13"
},
{
"version_affected": "\u003e=",
"version_value": "6.7.0"
},
{
"version_affected": "\u003c",
"version_value": "6.12.4"
},
{
"version_affected": "\u003e=",
"version_value": "6.13.0"
},
{
"version_affected": "\u003c",
"version_value": "6.13.4"
},
{
"version_affected": "\u003e=",
"version_value": "6.14.0"
},
{
"version_affected": "\u003c",
"version_value": "6.14.3"
},
{
"version_affected": "\u003e=",
"version_value": "6.15.0"
},
{
"version_affected": "\u003c",
"version_value": "6.15.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has \u0027Admin\u0027 permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-58102",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102"
},
{
"name": "20190424 Confluence Security Advisory - 2019-04-17",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/33"
},
{
"name": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html"
},
{
"name": "108067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108067"
},
{
"name": "http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
},
{
"name": "http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2019-3398",
"datePublished": "2019-04-18T17:21:37.687Z",
"dateReserved": "2018-12-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:39.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3396 (GCVE-0-2019-3396)
Vulnerability from nvd
Published
2019-03-25 18:37
Modified
2025-10-21 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Server-Side Template Injection
Summary
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Confluence Server |
Version: unspecified < 6.6.12 Version: 6.7.0 < unspecified Version: unspecified < 6.12.3 Version: next of 6.13.0 < unspecified Version: unspecified < 6.13.3 Version: next of 6.14.0 < unspecified Version: unspecified < 6.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector"
},
{
"name": "46731",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46731/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-3396",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T12:25:45.543931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3396"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:41.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3396"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2019-3396 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Confluence Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "6.6.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.7.0",
"versionType": "custom"
},
{
"lessThan": "6.12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "next of 6.13.0",
"versionType": "custom"
},
{
"lessThan": "6.13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "next of 6.14.0",
"versionType": "custom"
},
{
"lessThan": "6.14.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Template Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-22T16:06:08.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector"
},
{
"name": "46731",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46731/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-03-20T10:00:00",
"ID": "CVE-2019-3396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Confluence Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.6.12"
},
{
"version_affected": "\u003e=",
"version_value": "6.7.0"
},
{
"version_affected": "\u003c",
"version_value": "6.12.3"
},
{
"version_affected": "\u003e",
"version_value": "6.13.0"
},
{
"version_affected": "\u003c",
"version_value": "6.13.3"
},
{
"version_affected": "\u003e",
"version_value": "6.14.0"
},
{
"version_affected": "\u003c",
"version_value": "6.14.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Template Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-57974",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974"
},
{
"name": "http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector"
},
{
"name": "46731",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46731/"
},
{
"name": "http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2019-3396",
"datePublished": "2019-03-25T18:37:06.256Z",
"dateReserved": "2018-12-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:41.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3398 (GCVE-0-2019-3398)
Vulnerability from cvelistv5
Published
2019-04-18 17:21
Modified
2025-10-21 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path Traversal
Summary
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Confluence |
Version: 2.0.0 < unspecified Version: unspecified < 6.6.13 Version: 6.7.0 < unspecified Version: unspecified < 6.12.4 Version: 6.13.0 < unspecified Version: unspecified < 6.13.4 Version: 6.14.0 < unspecified Version: unspecified < 6.14.3 Version: 6.15.0 < unspecified Version: unspecified < 6.15.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102"
},
{
"name": "20190424 Confluence Security Advisory - 2019-04-17",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html"
},
{
"name": "108067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108067"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-3398",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T12:26:29.325819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3398"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:39.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3398"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2019-3398 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Confluence",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "6.6.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.7.0",
"versionType": "custom"
},
{
"lessThan": "6.12.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.13.0",
"versionType": "custom"
},
{
"lessThan": "6.13.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.14.0",
"versionType": "custom"
},
{
"lessThan": "6.14.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.15.0",
"versionType": "custom"
},
{
"lessThan": "6.15.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has \u0027Admin\u0027 permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T17:06:43.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102"
},
{
"name": "20190424 Confluence Security Advisory - 2019-04-17",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html"
},
{
"name": "108067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108067"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-04-17T00:00:00",
"ID": "CVE-2019-3398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Confluence",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_value": "6.6.13"
},
{
"version_affected": "\u003e=",
"version_value": "6.7.0"
},
{
"version_affected": "\u003c",
"version_value": "6.12.4"
},
{
"version_affected": "\u003e=",
"version_value": "6.13.0"
},
{
"version_affected": "\u003c",
"version_value": "6.13.4"
},
{
"version_affected": "\u003e=",
"version_value": "6.14.0"
},
{
"version_affected": "\u003c",
"version_value": "6.14.3"
},
{
"version_affected": "\u003e=",
"version_value": "6.15.0"
},
{
"version_affected": "\u003c",
"version_value": "6.15.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has \u0027Admin\u0027 permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-58102",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102"
},
{
"name": "20190424 Confluence Security Advisory - 2019-04-17",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/33"
},
{
"name": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152616/Confluence-Server-Data-Center-Path-Traversal.html"
},
{
"name": "108067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108067"
},
{
"name": "http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155235/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
},
{
"name": "http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155245/Atlassian-Confluence-6.15.1-Directory-Traversal.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2019-3398",
"datePublished": "2019-04-18T17:21:37.687Z",
"dateReserved": "2018-12-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:39.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3396 (GCVE-0-2019-3396)
Vulnerability from cvelistv5
Published
2019-03-25 18:37
Modified
2025-10-21 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Server-Side Template Injection
Summary
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Confluence Server |
Version: unspecified < 6.6.12 Version: 6.7.0 < unspecified Version: unspecified < 6.12.3 Version: next of 6.13.0 < unspecified Version: unspecified < 6.13.3 Version: next of 6.14.0 < unspecified Version: unspecified < 6.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector"
},
{
"name": "46731",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46731/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-3396",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T12:25:45.543931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3396"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:41.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3396"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2019-3396 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Confluence Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "6.6.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.7.0",
"versionType": "custom"
},
{
"lessThan": "6.12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "next of 6.13.0",
"versionType": "custom"
},
{
"lessThan": "6.13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "next of 6.14.0",
"versionType": "custom"
},
{
"lessThan": "6.14.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Template Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-22T16:06:08.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector"
},
{
"name": "46731",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46731/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-03-20T10:00:00",
"ID": "CVE-2019-3396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Confluence Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.6.12"
},
{
"version_affected": "\u003e=",
"version_value": "6.7.0"
},
{
"version_affected": "\u003c",
"version_value": "6.12.3"
},
{
"version_affected": "\u003e",
"version_value": "6.13.0"
},
{
"version_affected": "\u003c",
"version_value": "6.13.3"
},
{
"version_affected": "\u003e",
"version_value": "6.14.0"
},
{
"version_affected": "\u003c",
"version_value": "6.14.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Template Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-57974",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-57974"
},
{
"name": "http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector"
},
{
"name": "46731",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46731/"
},
{
"name": "http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2019-3396",
"datePublished": "2019-03-25T18:37:06.256Z",
"dateReserved": "2018-12-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:41.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2018-000114
Vulnerability from jvndb
Published
2018-10-29 13:36
Modified
2018-10-29 13:36
Severity ?
Summary
Confluence Server vulnerable to script injection
Details
User Macros of Confluence Server provided by Atlassian Pty Ltd. contains a script injection vulnerability (CWE-74).
Kanta Nishitani of Information Science College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000114.html",
"dc:date": "2018-10-29T13:36+09:00",
"dcterms:issued": "2018-10-29T13:36+09:00",
"dcterms:modified": "2018-10-29T13:36+09:00",
"description": "User Macros of Confluence Server provided by Atlassian Pty Ltd. contains a script injection vulnerability (CWE-74).\r\n\r\nKanta Nishitani of Information Science College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000114.html",
"sec:cpe": {
"#text": "cpe:/a:atlassian:confluence",
"@product": "Confluence",
"@vendor": "Atlassian",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000114",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN37943805/index.html",
"@id": "JVN#37943805",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Confluence Server vulnerable to script injection"
}