bitvoodoo Advisories
Space shortcuts
Space Tools
bitvoodoo Advisories BVADVIS

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

This is a public space:

For the draft, please restrict the page during creation and
remove this warning when page is published

Contents

Date

 

Product

Confluence Data Center and Server

Crowd Data Center and Server

VulnerabilityCritical
CVECVE-2024-50379, CVE-2024-56337, CVE-2024-52316, CVE-2024-50379, CVE-2024-56337
Official linkhttps://confluence.atlassian.com/security/security-bulletin-february-18-2025-1510670627.html


Dear customer,

On the 18th of February 2025, Atlassian issued a Security Bulletin for Confluence and Crowd.

The Cloud versions of the applications are not affected.

What you need to know

Atlassian has released a Security Bulletin on multiple vulnerabilities, including five critical issues. Those were fixed in recent updates.

While Atlassian marks some of these issues as critical, this is not an Security advisory.

However, in some cases Atlassian still advises updating affected systems for security.

Affected Versions

Confluence Data Center and Server
  • 9.2.0 (LTS)
  • 9.1.0 to 9.1.1
  • 9.0.1 to 9.0.3
  • 8.9.0 to 8.9.8
  • 8.8.0 to 8.8.1
  • 8.7.1 to 8.7.2
  • 8.6.0 to 8.6.2
  • 8.5.0 to 8.5.18 (LTS)
  • 8.4.0 to 8.4.5
  • 8.3.0 to 8.3.4
  • 8.2.0 to 8.2.3
  • 8.1.1 to 8.1.4
  • 7.19.6 to 7.19.30 (LTS)
Crowd Data Center and Server
  • 6.2.0
  • 6.1.0 to 6.1.3
  • 6.0.1 to 6.0.6
  • 5.3.0 to 5.3.6


What should I do?

You use Confluence Data Center and Server

If you're using one of the following versions or newer, the issues are already fixed:

  • 9.3.1 Data Center Only
  • 9.2.1 (LTS) recommended Data Center Only
  • 8.5.19 (LTS)


If you're using one of the following versions:

  • 9.2.0 (LTS)
  • 9.1.0 to 9.1.1
  • 9.0.1 to 9.0.3
  • 8.9.0 to 8.9.8
  • 8.8.0 to 8.8.1
  • 8.7.1 to 8.7.2
  • 8.6.0 to 8.6.2
  • 8.5.0 to 8.5.18 (LTS)
  • 8.4.0 to 8.4.5
  • 8.3.0 to 8.3.4
  • 8.2.0 to 8.2.3
  • 8.1.1 to 8.1.4
  • 7.19.6 to 7.19.30 (LTS)

Then you should check:

  • If your Confluence instance runs on a case-sensitive filesystem (default on Linux), we consider the risk low and an update as optional.
  • If it runs on a case-insensitive filesystem (default on Windows and macOS), we consider the risk medium and we recommend a minor update.


You use Confluence Cloud

You are not affected by this Security Advisory. No need for action.

You use Crowd Data Center and Server

If you're using the one of the following versions or newer, the issues are already fixed:

  • 6.2.2 recommended  Data Center Only
  • 6.1.4  Data Center Only
  • 6.0.7  Data Center Only


Otherwise, if you're using one of the following versions we assess the risk as medium and recommend a minor update:

  • 6.2.0
  • 6.1.0 to 6.1.3
  • 6.0.1 to 6.0.6
  • 5.3.0 to 5.3.6



Support

If you still have questions or concerns regarding this advisory, please contact the bitvoodoo support via support.bitvoodoo.ch.



  • No labels
bitvoodoo Advisories BVADVIS