On March 19, 2024, Atlassian published a security bulletin covering Confluence, Jira, Bitbucket and Bamboo.

The bulletin reports 24 high-severity and 1 critical-severity vulnerabilities. All of them are fixed in the latest versions of the affected products.

Technical support

If you have any questions, contact Atlassian Support: https://support.atlassian.com/contact/#/

If you are a customer of 北京范德敏特科技, contact your technical service manager or visit the 北京范德敏特科技 website: https://www.devpod.cn/contact/


To remediate all vulnerabilities affecting your products, Atlassian recommends upgrading each instance to the latest version, or to one of the fixed versions listed for that product.

The fixed versions in the table below are the latest releases as of March 19, 2024 (the bulletin's publication date). For newer releases, consult each product's Release Notes.

Security vulnerabilities

The original table has the columns Product & Release Notes, Affected versions, Fixed versions, Vulnerability description, CVE ID, CVSS and Severity. It is laid out below per product.

Bamboo Data Center and Server

Affected versions:
  • 9.5.0 to 9.5.1
  • 9.4.0 to 9.4.3
  • 9.3.0 to 9.3.6
  • 9.2.0 to 9.2.11 (LTS)
  • 9.1.0 to 9.1.3
  • 9.0.0 to 9.0.4
  • 8.2.0 to 8.2.9
  • Any earlier versions

Fixed versions:
  • 9.6.0 (LTS) or 9.5.2
  • 9.4.4
  • 9.2.12 (LTS)

Vulnerabilities:
  • SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server, CVE-2024-1597, CVSS 10.0 Critical
  • DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server, CVE-2024-21634, CVSS 7.5 High

Bitbucket Data Center and Server

Affected versions:
  • 8.18.0
  • 8.17.0 to 8.17.1
  • 8.16.0 to 8.16.2
  • 8.15.0 to 8.15.3
  • 8.14.0 to 8.14.4
  • 8.13.0 to 8.13.5
  • 8.12.0 to 8.12.3
  • 8.11.0 to 8.11.1
  • 8.10.0 to 8.10.1
  • 8.9.0 to 8.9.9 (LTS)
  • Any earlier versions (except 7.21.22)

Fixed versions:
  • 8.19.0 (LTS)
  • 8.18.1
  • 8.17.2
  • 8.16.3 to 8.16.4
  • 8.15.4 to 8.15.5
  • 8.14.5 to 8.14.6
  • 8.13.6
  • 8.9.10 to 8.9.11 (LTS)
  • 7.21.22 to 7.21.23

Vulnerabilities:
  • DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bitbucket Data Center and Server, CVE-2024-21634, CVSS 7.5 High

Confluence Data Center and Server

Affected versions:
  • 8.8.0
  • 8.7.0 to 8.7.2
  • 8.6.0 to 8.6.2
  • 8.5.0 to 8.5.6 (LTS)
  • 8.4.0 to 8.4.5
  • 8.3.0 to 8.3.4
  • 8.2.0 to 8.2.3
  • 8.1.0 to 8.1.4
  • 8.0.0 to 8.0.4
  • 7.20.0 to 7.20.3
  • 7.19.0 (LTS) to 7.19.19 (LTS)
  • 7.18.0 to 7.18.3
  • 7.17.0 to 7.17.5
  • Any earlier versions

Fixed versions:
  • 8.8.1
  • 8.5.7 (LTS)
  • 7.19.20 (LTS)

Vulnerabilities:
  • Path Traversal in Confluence Data Center, CVE-2024-21677, CVSS 8.3 High
  • DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server, CVE-2023-36478, CVSS 7.5 High

Jira Software Data Center and Server

Affected versions:
  • 9.12.0 to 9.12.2 (LTS)
  • 9.11.0 to 9.11.3
  • 9.10.0 to 9.10.2
  • 9.9.0 to 9.9.2
  • 9.8.0 to 9.8.2
  • 9.7.0 to 9.7.2
  • 9.6.0
  • 9.5.0 to 9.5.1
  • 9.4.0 to 9.4.17 (LTS)
  • 9.3.0 to 9.3.3
  • 9.2.0 to 9.2.1
  • 9.1.0 to 9.1.1
  • 9.0.0
  • Any earlier versions

Fixed versions:
  • 9.14.1 or 9.14.0
  • 9.13.0 to 9.13.1
  • 9.12.3 to 9.12.5 (LTS)
  • 9.4.18 (LTS)

Vulnerabilities:
  • DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server, CVE-2022-40150, CVSS 7.5 High
  • DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server, CVE-2023-34455, CVSS 7.5 High
  • RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server, CVE-2022-42890, CVSS 7.5 High
  • RCE (Remote Code Execution) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server, CVE-2022-41704, CVSS 7.5 High
  • SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server, CVE-2022-40146, CVSS 7.5 High
  • DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server, CVE-2023-1436, CVSS 7.5 High
  • DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server, CVE-2022-45685, CVSS 7.5 High
  • DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server, CVE-2022-29546, CVSS 7.5 High
  • DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server, CVE-2022-40149, CVSS 7.5 High
  • DoS (Denial of Service) org.apache.avro:avro Dependency in Jira Software Data Center and Server, CVE-2023-39410, CVSS 7.5 High
  • DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server, CVE-2023-34454, CVSS 7.5 High
  • DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server, CVE-2023-34453, CVSS 7.5 High
  • DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server, CVE-2023-43642, CVSS 7.5 High
  • DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server, CVE-2022-3509, CVSS 7.5 High
  • DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server, CVE-2022-3171, CVSS 7.5 High
  • DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server, CVE-2023-5072, CVSS 7.5 High
  • DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server, CVE-2022-45688, CVSS 7.5 High
  • RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server, CVE-2022-34169, CVSS 7.5 High
  • DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server, CVE-2022-24839, CVSS 7.5 High
  • DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server, CVE-2022-28366, CVSS 7.5 High
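The version ranges above are easy to misread by hand, especially the "any earlier versions" rows and the Bitbucket 7.21.22 exception. The following is an added example, not code from Atlassian or from this bulletin: it transcribes the affected and fixed ranges from the table into Python and classifies an installed version, recommending the smallest upgrade step (the highest fixed release on the same major.minor branch, falling back to the newest fixed release). The function names, the same-branch heuristic and the sample inventory at the bottom are this example's own assumptions.

```python
"""Added example (not Atlassian's code): classify an installed Atlassian
Data Center/Server version against the affected and fixed ranges in the
March 19, 2024 bulletin table.  The ranges are transcribed from that table;
function names and the same-branch recommendation are this example's own."""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]
Range = Tuple[Version, Version]


def parse_version(text: str) -> Version:
    """'9.12.2 (LTS)' -> (9, 12, 2); missing components are padded with zeros."""
    parts = [int(p) for p in text.split()[0].split(".")]
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[2])


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def _r(lo: str, hi: str = "") -> Range:
    """Closed interval [lo, hi]; a single argument denotes one release."""
    return parse_version(lo), parse_version(hi or lo)


# Affected ranges from the bulletin.  Each product also lists "any earlier
# versions" as affected; that is handled by the floor check in is_affected().
AFFECTED: Dict[str, List[Range]] = {
    "bamboo": [_r("9.5.0", "9.5.1"), _r("9.4.0", "9.4.3"), _r("9.3.0", "9.3.6"),
               _r("9.2.0", "9.2.11"), _r("9.1.0", "9.1.3"), _r("9.0.0", "9.0.4"),
               _r("8.2.0", "8.2.9")],
    "bitbucket": [_r("8.18.0"), _r("8.17.0", "8.17.1"), _r("8.16.0", "8.16.2"),
                  _r("8.15.0", "8.15.3"), _r("8.14.0", "8.14.4"), _r("8.13.0", "8.13.5"),
                  _r("8.12.0", "8.12.3"), _r("8.11.0", "8.11.1"), _r("8.10.0", "8.10.1"),
                  _r("8.9.0", "8.9.9")],
    "confluence": [_r("8.8.0"), _r("8.7.0", "8.7.2"), _r("8.6.0", "8.6.2"),
                   _r("8.5.0", "8.5.6"), _r("8.4.0", "8.4.5"), _r("8.3.0", "8.3.4"),
                   _r("8.2.0", "8.2.3"), _r("8.1.0", "8.1.4"), _r("8.0.0", "8.0.4"),
                   _r("7.20.0", "7.20.3"), _r("7.19.0", "7.19.19"), _r("7.18.0", "7.18.3"),
                   _r("7.17.0", "7.17.5")],
    "jira": [_r("9.12.0", "9.12.2"), _r("9.11.0", "9.11.3"), _r("9.10.0", "9.10.2"),
             _r("9.9.0", "9.9.2"), _r("9.8.0", "9.8.2"), _r("9.7.0", "9.7.2"), _r("9.6.0"),
             _r("9.5.0", "9.5.1"), _r("9.4.0", "9.4.17"), _r("9.3.0", "9.3.3"),
             _r("9.2.0", "9.2.1"), _r("9.1.0", "9.1.1"), _r("9.0.0")],
}

# Fixed releases from the bulletin.  Bitbucket 7.21.22/7.21.23 are the exception
# the table makes to "any earlier versions", which is why FIXED is checked first.
FIXED: Dict[str, List[Range]] = {
    "bamboo": [_r("9.6.0"), _r("9.5.2"), _r("9.4.4"), _r("9.2.12")],
    "bitbucket": [_r("8.19.0"), _r("8.18.1"), _r("8.17.2"), _r("8.16.3", "8.16.4"),
                  _r("8.15.4", "8.15.5"), _r("8.14.5", "8.14.6"), _r("8.13.6"),
                  _r("8.9.10", "8.9.11"), _r("7.21.22", "7.21.23")],
    "confluence": [_r("8.8.1"), _r("8.5.7"), _r("7.19.20")],
    "jira": [_r("9.14.0", "9.14.1"), _r("9.13.0", "9.13.1"), _r("9.12.3", "9.12.5"),
             _r("9.4.18")],
}


def _in_any(v: Version, ranges: List[Range]) -> bool:
    return any(lo <= v <= hi for lo, hi in ranges)


def is_affected(product: str, version: str) -> bool:
    """True if `version` falls in an affected range or predates every listed
    range ("any earlier versions"); an explicitly fixed release is never affected."""
    v = parse_version(version)
    if _in_any(v, FIXED[product]):
        return False
    if _in_any(v, AFFECTED[product]):
        return True
    floor = min(lo for lo, _ in AFFECTED[product])
    return v < floor


def recommended_fix(product: str, version: str) -> str:
    """Highest fixed release on the same major.minor branch (smallest upgrade
    step); if that branch has no fix, the newest fixed release overall."""
    v = parse_version(version)
    same_branch = [hi for _, hi in FIXED[product] if hi[:2] == v[:2]]
    target = max(same_branch) if same_branch else max(hi for _, hi in FIXED[product])
    return fmt(target)


def assess(product: str, version: str) -> str:
    """One-line verdict suitable for an inventory report."""
    if is_affected(product, version):
        return f"{product} {version}: AFFECTED, upgrade to {recommended_fix(product, version)} or later"
    return f"{product} {version}: not affected by this bulletin"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for product, version in [("confluence", "7.19.19"), ("bitbucket", "7.21.22"),
                             ("jira", "9.12.2"), ("bamboo", "8.1.0"), ("jira", "9.13.1")]:
        print(assess(product, version))
```

Fixed releases are checked before affected ranges so that the table's explicit exception (Bitbucket 7.21.22 to 7.21.23) wins over the "any earlier versions" rule; a version that is neither listed as affected nor older than every listed range (for example a release newer than the bulletin) is reported as not affected by this bulletin, which is all the table supports.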