Dear customer,

On the 6th of December 2023, 12am EST, Atlassian issued four Security Advisories for its on-premise software products, Confluence Cloud Migration App, and the Assets Discovery (stand-alone app) for Cloud and on-premise.

What you need to know

Atlassian has discovered four critical vulnerabilities impacting customers of the products listed below. All four vulnerabilities carry a critical CVSS score of 9.0 or higher, and customers must take immediate action to protect their instances.

Affected versions

CVE-2022-1471 - SnakeYAML library RCE Vulnerability Impacts Multiple Products

| Product | Affected Versions |
|---|---|
| Confluence Data Center and Server | 6.13.x, 6.14.x, 6.15.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.x, 7.6.x, 7.7.x, 7.8.x, 7.9.x, 7.10.x, 7.11.x, 7.12.x, 7.13.0, 7.13.1, 7.13.2, 7.13.3, 7.13.4, 7.13.5, 7.13.6, 7.13.7, 7.13.8, 7.13.9, 7.13.10, 7.13.11, 7.13.12, 7.13.13, 7.13.14, 7.13.15, 7.13.16, 7.13.17, 7.14.x, 7.15.x, 7.16.x, 7.17.x, 7.18.x, 7.19.0, 7.19.1, 7.19.2, 7.19.3, 7.19.4, 7.19.5, 7.19.6, 7.19.7, 7.19.8, 7.19.9, 7.20.x, 8.0.x, 8.1.x, 8.2.x, 8.3.0 |
| Jira Software Data Center and Server | 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 9.4.6, 9.4.7, 9.4.8, 9.4.9, 9.4.10, 9.4.11, 9.4.12, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.x, 9.10.x, 9.11.0, 9.11.1 |
| Jira Service Management Data Center and Server | 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.5.x, 5.6.x, 5.7.x, 5.8.x, 5.9.x, 5.10.x, 5.11.0, 5.11.1 |
| Jira Core Data Center and Server | 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 9.4.6, 9.4.7, 9.4.8, 9.4.9, 9.4.10, 9.4.11, 9.4.12, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.x, 9.10.x, 9.11.0, 9.11.1 |
| Bitbucket Data Center and Server | 7.17.x, 7.18.x, 7.19.x, 7.20.x, 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, 7.21.7, 7.21.8, 7.21.9, 7.21.10, 7.21.11, 7.21.12, 7.21.13, 7.21.14, 7.21.15, 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.x, 8.6.x, 8.7.x, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.8.6, 8.9.0, 8.9.1, 8.9.2, 8.9.3, 8.10.0, 8.10.1, 8.10.2, 8.10.3, 8.11.0, 8.11.1, 8.11.2, 8.12.0 |
| Confluence Cloud Migration App (CCMA) | Plugin versions lower than |
| Automation for Jira (A4J) app (including Server Lite edition) | |

CVE-2023-22522 - RCE Vulnerability in Confluence Data Center and Server

| Product | Affected Versions |
|---|---|
| Confluence Data Center and Server | |

CVE-2023-22523 - RCE Vulnerability in Assets Discovery (stand-alone app)

| Product | Affected Versions |
|---|---|
| Assets Discovery (Jira Service Management Cloud) | Insight Discovery 1.0 - 3.1.3; Assets Discovery 3.1.4 - 3.1.7; Assets Discovery 3.1.8-cloud - 3.1.11-cloud |
| Assets Discovery (Jira Service Management Data Center and Server) | Insight Discovery 1.0 - 3.1.7; Assets Discovery 3.1.9 - 3.1.11; Assets Discovery 6.0.0 - 6.1.14, 6.1.14-jira-dc-8 |

CVE-2023-22524 - RCE Vulnerability in Atlassian Companion App for MacOS

| Product | Affected Versions |
|---|---|
| Atlassian Companion App for MacOS | All versions (MacOS) up to but not including are affected by the vulnerability. |

Fixed Versions

Note: bitvoodoo recommends using the latest LTS releases of Jira, Confluence, and Bitbucket.

| Product | Fixed Versions |
|---|---|
| Confluence Data Center and Server | 7.19.17 (LTS), 8.4.5, 8.5.4 (LTS), 8.6.2, 8.7.0 |
| Jira Software Data Center and Server | 9.11.2, 9.12.0 (LTS), 9.4.13 (LTS) |
| Jira Service Management Data Center and Server | 5.11.2, 5.12.0 (LTS), 5.4.13 (LTS) |
| Jira Core Data Center and Server | 9.11.2, 9.12.0 (LTS), 9.4.13 (LTS) |
| Bitbucket Data Center and Server | 7.21.16 (LTS), 8.10.4, 8.11.3, 8.12.1, 8.13.0, 8.8.7, 8.9.4 (LTS) |
| Confluence Cloud Migration App (CCMA) | |
| Automation for Jira (A4J) app (including Server Lite edition) | |
| Assets Discovery (Jira Service Management Cloud) | Assets Discovery 3.2.0-cloud or later |
| Assets Discovery (Jira Service Management Data Center and Server) | |
| Atlassian Companion App for MacOS | |

What should I do? - On-Premise Products

Server & Data Center

You use the Server or Data Center variant of any Atlassian application in a version listed in Affected Versions.

Update

Update to a version listed in Fixed Versions.

Note: bitvoodoo recommends using the latest LTS releases of Jira, Confluence and Bitbucket.

Workaround

There are currently no workarounds.

Cloud

You use Assets Discovery (standalone app) in Jira Service Management Cloud.

Note: Update to Assets Discovery 3.2.0-cloud or later.

If you don't use Assets Discovery (standalone app), you are not affected by the vulnerability.

bitvoodoo Cloud

You use Jira, Confluence or Bitbucket Server or Data Center hosted with bitvoodoo.

Update

LTS Update Package customers will get an update to the latest LTS release free of charge as soon as possible. bitvoodoo Cloud customers who do not have an LTS update package will be contacted by bitvoodoo in the coming days to coordinate an update.

Workaround

There are currently no workarounds.

Support

If you have any questions regarding this security vulnerability, please contact bitvoodoo support via support@bitvoodoo.ch or support.bitvoodoo.ch.