
16 vulnerabilities found for Jira by Atlassian

CERTFR-2025-AVI-0903
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Jira Jira Service Management Server versions antérieures à 5.12.28
Atlassian Jira Jira Software Server versions 11.1.x antérieures à 11.1.0
Atlassian Jira Jira Software Data Center versions 11.0.x antérieures à 11.0.1
Atlassian Jira Jira Service Management Data Center versions antérieures à 5.12.28
Atlassian Jira Jira Service Management Server versions 11.0.x antérieures à 11.0.1
Atlassian Confluence Confluence Data Center versions 10.x antérieures à 10.0.2
Atlassian Jira Jira Service Management Data Center versions 11.1.x antérieures à 11.1.0
Atlassian Jira Jira Software Server versions 11.0.x antérieures à 11.0.1
Atlassian Jira Jira Software Server versions antérieures à 9.12.28
Atlassian Jira Jira Service Management Data Center versions 11.0.x antérieures à 11.0.1
Atlassian Jira Jira Service Management Server versions 10.3.x antérieures à 10.3.12
Atlassian Confluence Confluence Data Center versions 9.x antérieures à 9.2.7
Atlassian Jira Jira Service Management Server versions 11.1.x antérieures à 11.1.0
Atlassian Jira Jira Service Management Data Center versions 10.3.x antérieures à 10.3.12
Atlassian Jira Jira Software Data Center versions antérieures à 9.12.28
Atlassian Jira Jira Software Server versions 10.3.x antérieures à 10.3.12
Atlassian Jira Jira Software Data Center versions 11.1.x antérieures à 11.1.0
Atlassian Confluence Confluence Data Center versions antérieures à 8.5.25
Atlassian Jira Jira Software Data Center versions 10.3.x antérieures à 10.3.12



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.28",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.28",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.28",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.28",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.25",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2025-22166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22166"
    },
    {
      "name": "CVE-2025-22167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22167"
    }
  ],
  "initial_release_date": "2025-10-22T00:00:00",
  "last_revision_date": "2025-10-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0903",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26567",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26567"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26566",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26566"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16410",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16410"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100907",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-100907"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26564",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26564"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16408",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16408"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16412",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16412"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16413",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16413"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16411",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16411"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26552",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26552"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26538",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26538"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26565",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26565"
    },
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16409",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16409"
    }
  ]
}

CERTFR-2025-AVI-0794
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Confluence Confluence Data Center versions antérieures à 8.5.24
Atlassian Jira Jira Service Management Data Center versions 10.7.x antérieures à 10.7.3
Atlassian Jira Jira Software Server versions 10.3.x antérieures à 10.3.9
Atlassian Confluence Confluence Server versions 9.5.x antérieures à 9.5.2
Atlassian Jira Jira Software Data Center versions 11.0.x antérieures à 11.0.1
Atlassian Confluence Confluence Server versions 10.0.x antérieures à 10.0.3
Atlassian Jira Jira Service Management Data Center versions 10.3.x antérieures à 10.3.9
Atlassian Jira Jira Service Management Data Center versions antérieures à 5.12.26
Atlassian Confluence Confluence Server versions 9.2.x antérieures à 9.2.6
Atlassian Jira Jira Service Management Server versions 11.0.x antérieures à 11.0.1
Atlassian Confluence Confluence Server versions antérieures à 8.5.24
Atlassian Jira Jira Service Management Server versions 10.3.x antérieures à 10.3.9
Atlassian Jira Jira Software Server versions 11.0.x antérieures à 11.0.1
Atlassian Jira Jira Service Management Data Center versions 11.0.x antérieures à 11.0.1
Atlassian Jira Jira Software Server versions 10.7.x antérieures à 10.7.3
Atlassian Jira Jira Software Data Center versions antérieures à 9.12.26
Atlassian Jira Jira Software Data Center versions 10.3.x antérieures à 10.3.9
Atlassian Confluence Confluence Data Center versions 9.2.x antérieures à 9.2.6
Atlassian Jira Jira Service Management Server versions antérieures à 5.12.26
Atlassian Jira Jira Service Management Server versions 10.7.x antérieures à 10.7.3
Atlassian Jira Jira Software Data Center versions 10.7.x antérieures à 10.7.3
Atlassian Confluence Confluence Data Center versions 9.5.x antérieures à 9.5.2
Atlassian Jira Jira Software Server versions antérieures à 9.12.26
Atlassian Confluence Confluence Data Center versions 10.0.x antérieures à 10.0.3
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.24",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.26",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.6",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.24",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.6",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.26",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-09-17T00:00:00",
  "last_revision_date": "2025-09-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0794",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-09-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16367",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16367"
    },
    {
      "published_at": "2025-09-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26500",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26500"
    },
    {
      "published_at": "2025-09-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100795",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-100795"
    },
    {
      "published_at": "2025-09-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16369",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16369"
    },
    {
      "published_at": "2025-09-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26499",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26499"
    }
  ]
}

CERTFR-2025-AVI-0593
Vulnerability from certfr_avis

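De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données. Le champ « risks » de l'enregistrement ci-dessous mentionne également un contournement de la politique de sécurité, qui n'est pas repris dans ce résumé.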

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Jira Jira Service Management Data Center versions 10.x antérieures à 10.7.2
Atlassian Jira Jira Service Management Server versions 10.x antérieures à 10.3.8 LTS
Atlassian Jira Jira Software Data Center versions 10.x antérieures à 10.7.2
Atlassian Jira Jira Software Server versions 9.x antérieures à 9.12.25 LTS
Atlassian Jira Jira Software Server versions 10.x antérieures à 10.7.2
Atlassian Jira Jira Service Management Data Center versions antérieures à 10.3.8 LTS
Atlassian Jira Jira Service Management Server versions 10.x antérieures à 10.7.2
Atlassian Confluence Confluence Server versions 9.x antérieures à 9.5.2
Atlassian Confluence Confluence Server versions 9.x antérieures à 9.2.6 LTS
Atlassian Jira Jira Software Data Center versions 10.x antérieures à 10.3.8 LTS
Atlassian Confluence Confluence Data Center versions 9.x antérieures à 9.2.6 LTS
Atlassian Jira Jira Service Management Data Center versions 5.x antérieures à 5.12.25 LTS
Atlassian Jira Jira Service Management Server versions 5.x antérieures à 5.12.25 LTS
Atlassian Jira Jira Software Data Center versions 9.x antérieures à 9.12.25 LTS
Atlassian Jira Jira Software Server versions 10.x antérieures à 10.3.8 LTS
Atlassian Confluence Confluence Data Center versions 9.x antérieures à 9.5.2



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Service Management Data Center versions 10.x ant\u00e9rieures \u00e0 10.7.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.3.8 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 10.x  ant\u00e9rieures \u00e0 10.7.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 9.x ant\u00e9rieures \u00e0 9.12.25 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.7.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.8 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.7.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.5.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.2.6 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 10.x  ant\u00e9rieures \u00e0 10.3.8 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.6 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 5.x ant\u00e9rieures \u00e0 5.12.25 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 5.x ant\u00e9rieures \u00e0 5.12.25 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 9.x ant\u00e9rieures \u00e0 9.12.25 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.8 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions  9.x ant\u00e9rieures \u00e0 9.5.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-27820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27820"
    },
    {
      "name": "CVE-2025-22228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    }
  ],
  "initial_release_date": "2025-07-16T00:00:00",
  "last_revision_date": "2025-07-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0593",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26443",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26443"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16310",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16310"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26442",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26442"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16309",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16309"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26470",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26470"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26468",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26468"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16269",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16269"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26469",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26469"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16308",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16308"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16311",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16311"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100164",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-100164"
    }
  ]
}

CERTFR-2025-AVI-0520
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Jira Jira Service Management Server versions 10.6.x antérieures à 10.6.1
Atlassian Jira Jira Software Data Center versions 10.6.x antérieures à 10.6.1
Atlassian Confluence Confluence Data Center versions 9.5.x antérieures à 9.5.1
Atlassian Jira Jira Service Management Server versions antérieures à 10.3.6
Atlassian Jira Jira Service Management Data Center versions 10.6.x antérieures à 10.6.1
Atlassian Jira Jira Software Server versions antérieures à 10.6.1
Atlassian Confluence Confluence Data Center versions 9.2.x antérieures à 9.2.5
Atlassian Jira Jira Software Data Center versions antérieures à 10.3.6
Atlassian Confluence Confluence Server versions 9.5.x antérieures à 9.5.1
Atlassian Confluence Confluence Server versions 9.2.x antérieures à 9.2.5
Atlassian Jira Jira Service Management Data Center versions antérieures à 10.3.6
Atlassian Confluence Confluence Data Center versions 9.4.x antérieures à 9.4.1
Atlassian Confluence Confluence Server versions antérieures à 8.5.23
Atlassian Confluence Confluence Data Center versions antérieures à 8.5.23
Atlassian Confluence Confluence Server versions 9.4.x antérieures à 9.4.1
Atlassian Jira Jira Software Server versions antérieures à 10.3.6
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Service Management Server versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.6",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.6.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.5",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.6",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.5",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.6",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.23",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.23",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.6",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-22228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    }
  ],
  "initial_release_date": "2025-06-18T00:00:00",
  "last_revision_date": "2025-06-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0520",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99921",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-99921"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99835",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-99835"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16260",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16260"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26411",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26411"
    }
  ]
}

CERTFR-2025-AVI-0435
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Confluence Confluence Data Center versions antérieures à 9.3.2
Atlassian Jira Jira Core Data Center versions antérieures à 9.12.22
Atlassian Confluence Confluence Data Center versions antérieures à 8.5.22
Atlassian Jira Jira Service Management Data Center versions antérieures à 10.6.0
Atlassian Jira Jira Service Management Server versions antérieures à 10.6.0
Atlassian Confluence Confluence Server versions antérieures à 9.2.4
Atlassian Jira Jira Service Management Server versions antérieures à 5.12.22
Atlassian Confluence Confluence Server versions antérieures à 9.3.2
Atlassian Jira Jira Core Server versions antérieures à 10.5.1
Atlassian Jira Jira Service Management Data Center versions antérieures à 10.3.5
Atlassian Jira Jira Core Server versions antérieures à 10.3.5
Atlassian Jira Jira Service Management Data Center versions antérieures à 10.5.1
Atlassian Confluence Confluence Data Center versions antérieures à 9.2.4
Atlassian Confluence Confluence Server versions antérieures à 9.4.1
Atlassian Jira Jira Service Management Server versions antérieures à 9.12.22
Atlassian Jira Jira Service Management Server versions antérieures à 10.3.5
Atlassian Jira Jira Service Management Server versions antérieures à 10.5.1
Atlassian Jira Jira Core Data Center versions antérieures à 10.5.1
Atlassian Jira Jira Service Management Data Center versions antérieures à 5.12.22
Atlassian Confluence Confluence Server versions antérieures à 8.5.22
Atlassian Confluence Confluence Data Center versions antérieures à 9.4.1
Atlassian Jira Jira Core Server versions antérieures à 10.6.0
Atlassian Jira Jira Core Data Center versions antérieures à 10.6.0
Atlassian Jira Jira Core Data Center versions antérieures à 10.3.5
Atlassian Jira Jira Core Server versions antérieures à 9.12.22
Atlassian Jira Jira Service Management Data Center versions antérieures à 9.12.22
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 9.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.22",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.6.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.6.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.4",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.5.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.5",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.3.5",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.5.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.4",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.4.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 9.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.5",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.5.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.5.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.22",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.6.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.6.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.3.5",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Server versions ant\u00e9rieures \u00e0 9.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 9.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-22157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22157"
    },
    {
      "name": "CVE-2024-47072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    }
  ],
  "initial_release_date": "2025-05-21T00:00:00",
  "last_revision_date": "2025-05-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0435",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99686",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-99686"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16206",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16206"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16207",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16207"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99568",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-99568"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JRASERVER-78766",
      "url": "https://jira.atlassian.com/browse/JRASERVER-78766"
    }
  ]
}

CERTFR-2025-AVI-0316
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Confluence Confluence Data Center versions antérieures à 8.5.21
Atlassian Confluence Confluence Data Center versions antérieures à 9.3.2
Atlassian Jira Jira Software Server versions antérieures à 10.5.1
Atlassian Confluence Confluence Server versions antérieures à 9.2.3
Atlassian Jira Jira Service Management Server versions antérieures à 5.12.22
Atlassian Confluence Confluence Server versions antérieures à 9.3.2
Atlassian Jira Jira Service Management Data Center versions antérieures à 10.3.5
Atlassian Jira Jira Service Management Data Center versions antérieures à 10.5.1
Atlassian Confluence Confluence Server versions antérieures à 8.5.21
Atlassian Jira Jira Software Server versions antérieures à 10.3.5
Atlassian Jira Jira Service Management Server versions antérieures à 10.3.5
Atlassian Jira Jira Service Management Server versions antérieures à 10.5.1
Atlassian Confluence Confluence Data Center versions antérieures à 9.2.3
Atlassian Jira Jira Software Server versions antérieures à 9.12.22
Atlassian Jira Jira Service Management Data Center versions antérieures à 5.12.22
Atlassian Jira Jira Software Data Center versions antérieures à 9.12.22
Atlassian Jira Jira Software Data Center versions antérieures à 10.5.1
Atlassian Jira Jira Software Data Center versions antérieures à 10.3.5
Atlassian Confluence Confluence Data Center versions antérieures à 9.4.0
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.21",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.5.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.3",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.5",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.5.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.21",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.5",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.5",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.5.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.3",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.5.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.5",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    }
  ],
  "initial_release_date": "2025-04-16T00:00:00",
  "last_revision_date": "2025-04-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0316",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99547",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-99547"
    },
    {
      "published_at": "2025-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26359",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26359"
    },
    {
      "published_at": "2025-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16144",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16144"
    },
    {
      "published_at": "2025-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99540",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-99540"
    }
  ]
}

CERTFR-2025-AVI-0218
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Atlassian Jira. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Jira Jira Service Management Data Center versions 5.x postérieures à 5.12 et versions 10.x antérieures à 10.3.4
Atlassian Jira Jira Service Management Server versions 10.4.x antérieures à 10.5.0
Atlassian Jira Jira Software Server versions 9.12.x antérieures à 9.12.19
Atlassian Jira Jira Software Server versions 5.x postérieures à 5.12 et versions 10.x antérieures à 10.3.4
Atlassian Jira Jira Service Management Server versions 5.x postérieures à 5.12 et versions 10.x antérieures à 10.3.4
Atlassian Jira Jira Service Management Server versions postérieures à 5.7.0 et antérieures à 5.12.19
Atlassian Jira Jira Service Management Data Center versions postérieures à 5.7.0 et antérieures à 5.12.19
Atlassian Jira Jira Service Management Data Center versions 10.4.x antérieures à 10.5.0
Atlassian Jira Jira Software Data Center versions antérieures à 10.3.4
Atlassian Jira Jira Software Server versions 10.4.x antérieures à 10.5.0
Atlassian Jira Jira Software Data Center versions 10.4.x antérieures à 10.5.0
Atlassian Jira Jira Software Data Center versions 9.12.x antérieures à 9.12.19
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Service Management Data Center versions 5.x post\u00e9rieures \u00e0 5.12 et versions 10.x ant\u00e9rieures \u00e0 10.3.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 10.4.x ant\u00e9rieures \u00e0 10.5.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.19",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 5.x post\u00e9rieures \u00e0 5.12 et versions 10.x ant\u00e9rieures \u00e0 10.3.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 5.x post\u00e9rieures \u00e0 5.12 et versions 10.x ant\u00e9rieures \u00e0 10.3.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions post\u00e9rieures \u00e0 5.7.0 et ant\u00e9rieures \u00e0 ant\u00e9rieures \u00e0 5.12.19",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions post\u00e9rieures \u00e0 5.7.0 et ant\u00e9rieures \u00e0 5.12.19",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 10.4.x ant\u00e9rieures \u00e0 10.5.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 10.4.x ant\u00e9rieures \u00e0 10.5.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 10.4.x ant\u00e9rieures \u00e0 10.5.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.19",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-38819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
    },
    {
      "name": "CVE-2024-47072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
    }
  ],
  "initial_release_date": "2025-03-19T00:00:00",
  "last_revision_date": "2025-03-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0218",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian Jira. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Jira",
  "vendor_advisories": [
    {
      "published_at": "2025-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26303",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26303"
    },
    {
      "published_at": "2025-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16086",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16086"
    },
    {
      "published_at": "2025-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26333",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26333"
    },
    {
      "published_at": "2025-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16083",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16083"
    }
  ]
}

CERTFR-2025-AVI-0144
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Confluence Confluence Server versions antérieures à 8.5.19
Atlassian Confluence Confluence Data Center versions antérieures à 8.5.19
Atlassian Jira Jira Software Data Center versions antérieures à 9.12.15
Atlassian Jira Jira Software Data Center versions antérieures à 9.4.28
Atlassian Jira Jira Software Server versions antérieures à 9.17.4
Atlassian Confluence Confluence Server versions antérieures à 9.2.1
Atlassian Jira Jira Software Server versions antérieures à 9.12.15
Atlassian Jira Jira Software Server versions antérieures à 10.1.2
Atlassian Confluence Confluence Data Center versions antérieures à 9.2.1
Atlassian Jira Jira Software Server versions antérieures à 9.4.28
Atlassian Jira Jira Software Data Center versions antérieures à 9.17.4
Atlassian Jira Jira Software Data Center versions antérieures à 10.1.2
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.19",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.19",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.15",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.28",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.17.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.15",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.1.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.28",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.17.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.1.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-56337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2024-50379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
    }
  ],
  "initial_release_date": "2025-02-19T00:00:00",
  "last_revision_date": "2025-02-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0144",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26299",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26299"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99216",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-99216"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99215",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-99215"
    }
  ]
}

CERTFR-2024-AVI-1006
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Jira Jira Core Data Center versions 9.12.x antérieures à 9.12.15 LTS
Atlassian Jira Jira Service Management Data Center versions 5.17.x antérieures à 5.17.4
Atlassian Jira Jira Core Server versions 10.1.x antérieures à 10.1.1
Atlassian Confluence Confluence Server versions 8.5.x antérieures à 8.5.17 LTS
Atlassian Jira Jira Core Server versions 9.4.x antérieures à 9.4.28 LTS
Atlassian Jira Jira Core Server versions 9.17.x antérieures à 9.17.4
Atlassian Jira Jira Service Management Server versions 5.17.x antérieures à 5.17.4
Atlassian Jira Jira Service Management Data Center versions 10.1.x antérieures à 10.1.1
Atlassian Confluence Confluence Data Center versions 8.x antérieures à 8.9.8
Atlassian Jira Jira Core Data Center versions 9.17.x antérieures à 9.17.4
Atlassian Jira Jira Core Server versions 9.12.x antérieures à 9.12.15 LTS
Atlassian Jira Jira Service Management Server versions 10.1.x antérieures à 10.1.1
Atlassian Confluence Confluence Server versions 8.x antérieures à 8.9.8
Atlassian Jira Jira Service Management Server versions 5.12.x antérieures à 5.12.15 LTS
Atlassian Jira Jira Core Data Center versions 9.4.x antérieures à 9.4.28 LTS
Atlassian Jira Jira Service Management Server versions 5.4.x antérieures à 5.4.28 LTS
Atlassian Jira Jira Core Data Center versions 10.1.x antérieures à 10.1.1
Atlassian Confluence Confluence Data Center versions 8.5.x antérieures à 8.5.17 LTS
Atlassian Confluence Confluence Data Center versions 9.x antérieures à 9.1.1
Atlassian Jira Jira Service Management Data Center versions 5.12.x antérieures à 5.12.15 LTS
Atlassian Confluence Confluence Data Center versions 7.19.x antérieures à 7.19.29 LTS
Atlassian Confluence Confluence Server versions 7.19.x antérieures à 7.19.29 LTS
Atlassian Jira Jira Service Management Data Center versions 5.4.x antérieures à 5.4.28 LTS



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Core Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Server versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 8.9.8",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Data Center versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 8.x ant\u00e9rieures \u00e0 8.9.8",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Core Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.1.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2023-46234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2024-24549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    }
  ],
  "initial_release_date": "2024-11-20T00:00:00",
  "last_revision_date": "2024-11-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1006",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98022",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-98022"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98299",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-98299"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98481",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-98481"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98442",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-98442"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15626",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-15626"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15689",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-15689"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98484",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-98484"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JRASERVER-78199",
      "url": "https://jira.atlassian.com/browse/JRASERVER-78199"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98231",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-98231"
    },
    {
      "published_at": "2024-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98021",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-98021"
    }
  ]
}

CERTFR-2024-AVI-0703
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance, une injection de code indirecte à distance (XSS) et une injection de requêtes illégitimes par rebond (CSRF).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Confluence Confluence Data Center et Server versions 8.9.x antérieures à 8.9.5
Atlassian Confluence Confluence Data Center et Server versions 8.x antérieures à 8.5.14
Atlassian Confluence Confluence Data Center et Server versions antérieures à 7.19.26
Atlassian Jira Jira Software Data Center et Server versions 9.17.x antérieures à 9.17.1
Atlassian Jira Jira Software Data Center et Server versions 9.4.x antérieures à 9.4.25
Atlassian Confluence Confluence Data Center et Server versions 9.x antérieures à 9.0.1
Atlassian Jira Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.12
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Confluence Data Center et Server versions 8.9.x ant\u00e9rieures \u00e0 8.9.5",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 8.x ant\u00e9rieures \u00e0 8.5.14",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions ant\u00e9rieures \u00e0 7.19.26",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center et Server versions 9.17.x ant\u00e9rieures \u00e0 9.17.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.25",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 9.x ant\u00e9rieures \u00e0 9.0.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.12",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-21690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21690"
    },
    {
      "name": "CVE-2024-34750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
    }
  ],
  "initial_release_date": "2024-08-21T00:00:00",
  "last_revision_date": "2024-08-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0703",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2024-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-97720",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-97720"
    },
    {
      "published_at": "2024-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26047",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26047"
    },
    {
      "published_at": "2024-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-97657",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-97657"
    }
  ]
}

CERTFR-2024-AVI-0590
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Jira Jira Software Data Center versions antérieures à 9.12.0 LTS
Atlassian Confluence Confluence Data Center versions antérieures à 7.19.25 LTS
Atlassian Jira Jira Software Data Center versions antérieures à 9.4.18 LTS
Atlassian Jira Jira Software Data Center versions antérieures à 9.8.0
Atlassian Jira Jira Software Server versions antérieures à 9.8.0
Atlassian Confluence Confluence Server versions antérieures à 8.5.12 LTS
Atlassian Jira Jira Software Server versions antérieures à 9.4.18 LTS
Atlassian Jira Jira Software Server versions antérieures à 9.12.0 LTS
Atlassian Confluence Confluence Data Center versions antérieures à 8.5.12 LTS
Atlassian Confluence Confluence Data Center versions antérieures à 8.9.4
Atlassian Confluence Confluence Server versions antérieures à 7.19.25 LTS
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.0 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.25 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.18 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.8.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.8.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.12 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.18 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.0 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.12 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.9.4",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 7.19.25 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-41966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
    },
    {
      "name": "CVE-2021-35516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2024-21686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21686"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2019-12402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12402"
    },
    {
      "name": "CVE-2021-35515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
    }
  ],
  "initial_release_date": "2024-07-17T00:00:00",
  "last_revision_date": "2024-07-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0590",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2024-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96100",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-96100"
    },
    {
      "published_at": "2024-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96103",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-96103"
    },
    {
      "published_at": "2024-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96099",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-96099"
    },
    {
      "published_at": "2024-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25951",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-25951"
    },
    {
      "published_at": "2024-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96101",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-96101"
    },
    {
      "published_at": "2024-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96102",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-96102"
    },
    {
      "published_at": "2024-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96134",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-96134"
    }
  ]
}

CERTFR-2024-AVI-0432
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Confluence Confluence Data Center versions antérieures à 8.9.1
Atlassian Confluence Confluence Data Center versions antérieures à 7.19.22
Atlassian Jira Jira Software Data Center versions antérieures à 9.8.0
Atlassian Jira Jira Software Data Center versions antérieures à 9.11.3
Atlassian Jira Jira Software Server versions antérieures à 9.12.7
Atlassian Jira Jira Software Data Center versions antérieures à 9.12.0
Atlassian Jira Jira Software Server versions antérieures à 9.15.2
Atlassian Confluence Confluence Data Center versions antérieures à 8.5.9
Atlassian Jira Jira Software Data Center versions antérieures à 9.7.2
Atlassian Jira Jira Software Server versions antérieures à 9.4.20
Atlassian Jira Jira Software Data Center versions antérieures à 9.15.2
Atlassian Jira Jira Software Data Center versions antérieures à 9.4.20
Atlassian Jira Jira Software Data Center versions antérieures à 9.12.7
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.9.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.22",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.8.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.11.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.7",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.15.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.9",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.7.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.20",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.15.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.20",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.7",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-1597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
    },
    {
      "name": "CVE-2023-45859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45859"
    },
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2022-41966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
    },
    {
      "name": "CVE-2024-23672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
    },
    {
      "name": "CVE-2024-24549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
    },
    {
      "name": "CVE-2024-22257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
    },
    {
      "name": "CVE-2024-21683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21683"
    }
  ],
  "initial_release_date": "2024-05-22T00:00:00",
  "last_revision_date": "2024-05-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0432",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25950",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-25950"
    },
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25949",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-25949"
    },
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95839",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-95839"
    },
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25896",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-25896"
    },
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95834",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-95834"
    },
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95832",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
    },
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25948",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-25948"
    },
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25905",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-25905"
    }
  ]
}

CERTFR-2024-AVI-0312
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Jira Jira Software Data Center versions 9.12.x LTS antérieures à 9.12.7 LTS
Atlassian Jira Jira Service Management Server versions antérieures à 5.4.19 LTS
Atlassian Confluence Confluence Data Center versions 7.x LTS antérieures à 7.19.20 LTS
Atlassian Jira Jira Service Management Data Center versions antérieures à 5.4.19 LTS
Atlassian Confluence Confluence Data Center versions antérieures à 8.7.1
Atlassian Jira Jira Software Data Center versions antérieures à 9.15.0
Atlassian Jira Jira Service Management Data Center versions antérieures à 5.12.6
Atlassian Confluence Confluence Server versions antérieures à 8.5.7 LTS
Atlassian Confluence Confluence Server versions 7.x LTS antérieures à 7.19.20 LTS
Atlassian Confluence Confluence Data Center versions 8.x LTS antérieures à 8.5.7 LTS
Atlassian Jira Jira Software Server versions 9.1.x, 9.2.x, 9.3.x et 9.4.x antérieures à 9.4.18 LTS
Atlassian Jira Jira Service Management Server versions antérieures à 5.12.6
Atlassian Jira Jira Software Data Center versions 9.1.x, 9.2.x, 9.3.x et 9.4.x antérieures à 9.4.18 LTS
Atlassian Jira Jira Software Server versions antérieures à 9.12.7 LTS



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Software Data Center versions 9.12.x LTS ant\u00e9rieures \u00e0 9.12.7 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.4.19 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 7.x LTS ant\u00e9rieures 7.19.20 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.4.19 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.7.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.15.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.6",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.7 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 7.x LTS ant\u00e9rieures 7.19.20 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 8.x LTS ant\u00e9rieures \u00e0 8.5.7 LTS",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions 9.1.x, 9.2.x, 9.3.x et 9.4.x ant\u00e9rieures \u00e0 9.4.18 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.6",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 9.1.x, 9.2.x, 9.3.x et 9.4.x ant\u00e9rieures \u00e0 9.4.18 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.7 LTS",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    }
  ],
  "initial_release_date": "2024-04-17T00:00:00",
  "last_revision_date": "2024-04-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0312",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-17T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour du r\u00e9sum\u00e9",
      "revision_date": "2024-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Atlassian\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15248 du 16 avril 2024",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-15248"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25885 du 16 avril 2024",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-25885"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25892 du 16 avril 2024",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-25892"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95099 du 16 avril 2024",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-95099"
    }
  ]
}

CERTFR-2024-AVI-0040
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Atlassian Confluence et Jira. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Atlassian Confluence Confluence Data Center versions LTS 8.5.x antérieures à la version 8.5.5
Atlassian Confluence Confluence Data Center versions 8.x antérieures à la version 8.7.2
Atlassian Jira Jira Service Management Data Center et Jira Service Management Server versions 4.20.x antérieures à la version 4.20.30
Atlassian Jira Jira Data Center et Jira Server versions 9.x antérieures à la version 9.7.0
Atlassian Confluence Confluence Data Center versions 7.x antérieures à la version 7.19.18
Atlassian Confluence Confluence Server versions 7.x antérieures à la version 7.19.18
Atlassian Confluence Confluence Server versions 8.5.x antérieures à la version 8.5.5
Atlassian Jira Jira Service Management Data Center et Jira Service Management Server versions 5.x antérieures à la version 5.12.2
Atlassian Jira Jira Service Management Data Center et Jira Service Management Server versions LTS 5.4.x antérieures à la version 5.4.15
Atlassian Jira Jira Data Center et Jira Server versions LTS 9.4.x antérieures à la version 9.4.13
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Confluence Data Center versions LTS 8.5.x ant\u00e9rieures \u00e0 la version 8.5.5",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 la version 8.7.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center et Jira Service Management Server versions 4.20.x ant\u00e9rieures \u00e0 la version 4.20.30",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Data Center et Jira Server versions 9.x ant\u00e9rieures \u00e0 la version 9.7.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 7.x ant\u00e9rieures \u00e0 la version 7.19.18",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 7.x ant\u00e9rieures \u00e0 la version 7.19.18",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 la version 8.5.5",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center et Jira Service Management Server versions 5.x ant\u00e9rieures \u00e0 la version 5.12.2",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center et Jira Service Management Server versions LTS 5.4.x ant\u00e9rieures \u00e0 la version 5.4.15",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Data Center et Jira Server versions LTS 9.4.x ant\u00e9rieures \u00e0 la version 9.4.13",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-21672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21672"
    },
    {
      "name": "CVE-2023-22527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22527"
    },
    {
      "name": "CVE-2022-42252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
    },
    {
      "name": "CVE-2023-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
    },
    {
      "name": "CVE-2022-44729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44729"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2023-22526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22526"
    },
    {
      "name": "CVE-2024-21673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21673"
    }
  ],
  "initial_release_date": "2024-01-16T00:00:00",
  "last_revision_date": "2024-01-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0040",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian\nConfluence et Jira. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Confluence et Jira",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian 1333335615 du 16 janvier 2024",
      "url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian 1333990257 du 16 janvier 2024",
      "url": "https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html"
    }
  ]
}

CVE-2019-11581 (GCVE-0-2019-11581)
Vulnerability from nvd
Published
2019-08-09 19:30
Modified
2025-10-21 23:45
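Severity
9.8 (CRITICAL) per the CISA-ADP CVSS 3.1 score, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The record's SSVC entry marks exploitation as active, and the CVE was added to the CISA Known Exploited Vulnerabilities catalog on 2022-03-07, so unpatched instances should be prioritised for upgrade.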
CWE
  • Template injection (the CNA's free-text problem type; CISA-ADP classifies it as CWE-74, Injection)
Summary
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
References
Impacted products
Vendor Product Version
Atlassian Jira Server and Data Center Version: from 4.4.0 before 7.6.14
Version: from 7.7.0 before 7.13.5
Version: from 8.0.0 before 8.0.3
Version: from 8.1.0 before 8.1.2
Version: from 8.2.0 before 8.2.3


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-69532"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-11581",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T12:28:21.195049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-07",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11581"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-74",
                "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:32.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11581"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-07T00:00:00+00:00",
            "value": "CVE-2019-11581 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jira Server and Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Template injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-09T19:30:59.000Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-69532"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2019-07-10T10:00:00",
          "ID": "CVE-2019-11581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jira Server and Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.14"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Template injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-69532",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-69532"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-11581",
    "datePublished": "2019-08-09T19:30:59.317Z",
    "dateReserved": "2019-04-29T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:32.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-11581 (GCVE-0-2019-11581)
Vulnerability from cvelistv5
Published
2019-08-09 19:30
Modified
2025-10-21 23:45
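Severity: 9.8 CRITICAL (CVSS 3.1 base score, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, from the CISA-ADP container of this record)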
CWE
  • Template injection
Summary
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
References
Impacted products
Vendor Product Version
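Atlassian Jira Server and Data Center Version: 4.4.0   < unspecified
Version: unspecified   < 7.6.14
Version: 7.7.0   < unspecified
Version: unspecified   < 7.13.5
Version: 8.0.0   < unspecified
Version: unspecified   < 8.0.3
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.2
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.3
Note: these rows pair up as the lower and upper bounds of five affected ranges (from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3), as stated in the Summary. Read on its own, a row such as "unspecified < 7.6.14" or "4.4.0 < unspecified" overstates the affected set, so match installed versions against the paired ranges rather than against individual rows.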


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-69532"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-11581",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T12:28:21.195049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-07",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11581"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-74",
                "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:32.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11581"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-07T00:00:00+00:00",
            "value": "CVE-2019-11581 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jira Server and Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Template injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-09T19:30:59.000Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-69532"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2019-07-10T10:00:00",
          "ID": "CVE-2019-11581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jira Server and Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.14"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Template injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-69532",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-69532"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-11581",
    "datePublished": "2019-08-09T19:30:59.317Z",
    "dateReserved": "2019-04-29T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:32.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}