[Atlassian] 2024.11.19 Vulnerability Report

2024-12-05

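This notice covers the security updates Atlassian announced in November 2024.

To provide a more secure product environment, Atlassian has released new versions that fix 19 high-severity vulnerabilities. These vulnerabilities were discovered through the Bug Bounty program, pen-testing processes, and third-party library scans.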

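To protect your products from these vulnerabilities, we recommend updating the products you currently use to the latest version or patching to one of the fixed versions.

The fixed-version information in this notice is current as of November 19, 2024; for more details, see each product's release notes.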

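If you would like to look up CVE details or check whether the product version you are running is covered by this notice, please use the Vulnerability Disclosure Portal.

Plateer will continue to do its best to keep your product environment secure. Please be sure to apply the latest security patches for safer and more convenient use 😊
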
Release Security Vulnerabilities

Product & Release Notes: Bamboo Data Center and Server
Affected Versions:
  • 10.0.0 to 10.0.2
  • 9.6.0 to 9.6.7 (LTS)
  • 9.2.1 to 9.2.19 (LTS)
Fixed Version:
  • 10.0.3 Data Center Only
  • 9.6.8 (LTS) recommended Data Center Only
  • 9.2.20 (LTS)
Vulnerability Summary:
  • RCE (Remote Code Execution) org.apache.avro:avro Dependency in Bamboo Data Center and Server
    CVE ID: CVE-2024-47561; CVSS Severity: 7.3 High

Product & Release Notes: Bitbucket Data Center and Server
Affected Versions:
  • 8.19.0 to 8.19.2 (LTS)
  • 8.18.0 to 8.18.1
  • 8.17.0 to 8.17.2
  • 8.16.0 to 8.16.4
  • 8.15.0 to 8.15.5
  • 8.14.0 to 8.14.6
  • 8.13.0 to 8.13.6
  • 8.12.0 to 8.12.6
  • 8.11.0 to 8.11.6
  • 8.10.0 to 8.10.6
  • 8.9.0 to 8.9.13 (LTS)
  • 8.8.0 to 8.8.7
  • 8.7.0 to 8.7.5
  • 8.6.2 to 8.6.4
  • 8.5.2 to 8.5.4
  • 8.4.3 to 8.4.4
  • 8.3.4
Fixed Version:
  • 9.0.0 to 9.0.1 Data Center Only
  • 8.19.3 to 8.19.11 (LTS) recommended Data Center Only
  • 8.9.14 to 8.9.21 (LTS)
Vulnerability Summary:
  • DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bitbucket Data Center and Server
    CVE ID: CVE-2024-30172; CVSS Severity: 7.5 High
  • DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
    CVE ID: CVE-2024-24549; CVSS Severity: 7.5 High

Product & Release Notes: Confluence Data Center and Server
Affected Versions:
  • 9.1.0
  • 9.0.1 to 9.0.3
  • 8.9.0 to 8.9.7
  • 8.8.0 to 8.8.1
  • 8.7.1 to 8.7.2
  • 8.6.0 to 8.6.2
  • 8.5.0 to 8.5.16 (LTS)
  • 8.4.0 to 8.4.5
  • 8.3.0 to 8.3.4
  • 8.2.0 to 8.2.3
  • 8.1.0 to 8.1.4
  • 8.0.0 to 8.0.4
  • 7.20.3
  • 7.19.4 to 7.19.28 (LTS)
Fixed Version:
  • 9.1.1 Data Center Only
  • 8.9.8 Data Center Only
  • 8.5.17 (LTS) recommended
  • 7.19.29 (LTS)
Vulnerability Summary:
  • DoS (Denial of Service) braces Dependency in Confluence Data Center
    CVE ID: CVE-2024-4068; CVSS Severity: 7.5 High
  • DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Confluence Data Center and Server
    CVE ID: CVE-2023-52428; CVSS Severity: 7.5 High
  • DoS (Denial of Service) decode-uri-component Dependency in Confluence Data Center
    CVE ID: CVE-2022-38900; CVSS Severity: 7.5 High
  • BASM (Broken Authentication & Session Management) browserify-sign Dependency in Confluence Data Center
    CVE ID: CVE-2023-46234; CVSS Severity: 7.5 High
  • Path Traversal org.springframework:spring-webmvc Dependency in Confluence Data Center and Server
    CVE ID: CVE-2024-38816; CVSS Severity: 7.5 High
  • DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and Server
    CVE ID: CVE-2024-30172; CVSS Severity: 7.5 High
  • DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server
    CVE ID: CVE-2024-24549; CVSS Severity: 7.5 High

Product & Release Notes: Crowd Data Center and Server
Affected Versions:
  • 6.0.0 to 6.0.2
  • 5.3.0 to 5.3.5
  • 5.2.0 to 5.2.10
  • 5.1.1 to 5.1.13
Fixed Version:
  • 6.1.1 to 6.1.2 recommended Data Center Only
  • 6.0.3 to 6.0.4 Data Center Only
  • 5.3.6 Data Center Only
Vulnerability Summary:
  • DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server
    CVE ID: CVE-2024-38286; CVSS Severity: 8.6 High
  • DoS (Denial of Service) tomcat Dependency in Crowd Data Center
    CVE ID: CVE-2024-34750; CVSS Severity: 7.5 High
  • DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server
    CVE ID: CVE-2024-34750; CVSS Severity: 7.5 High
  • DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Crowd Data Center and Server
    CVE ID: CVE-2024-30172; CVSS Severity: 7.5 High
  • DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server
    CVE ID: CVE-2024-24549; CVSS Severity: 7.5 High

Product & Release Notes: Jira Data Center and Server
Affected Versions:
  • 10.0.0 to 10.0.1
  • 9.17.0 to 9.17.3
  • 9.12.0 to 9.12.14 (LTS)
  • 9.4.1 to 9.4.27 (LTS)
Fixed Version:
  • 10.1.1 to 10.1.2 Data Center Only
  • 9.17.4 to 9.17.5 Data Center Only
  • 9.12.15 (LTS) recommended
  • 9.4.28 (LTS)
Vulnerability Summary:
  • XSS (Cross Site Scripting) DOMPurify Dependency in Jira Core Data Center and Server
    CVE ID: CVE-2024-45801; CVSS Severity: 8.3 High

Product & Release Notes: Jira Service Management Data Center and Server
Affected Versions:
  • 10.0.0 to 10.0.1
  • 5.17.0 to 5.17.3
  • 5.16.0 to 5.16.1
  • 5.15.2
  • 5.14.0 to 5.14.1
  • 5.13.0 to 5.13.1
  • 5.12.0 to 5.12.14 (LTS)
  • 5.11.0 to 5.11.3
  • 5.10.0 to 5.10.2
  • 5.9.0 to 5.9.2
  • 5.8.0 to 5.8.2
  • 5.7.0 to 5.7.2
  • 5.6.0
  • 5.5.0 to 5.5.1
  • 5.4.1 to 5.4.27 (LTS)
  • 5.3.2 to 5.3.3
  • 5.2.1
Fixed Version:
  • 10.1.1 to 10.1.2 Data Center Only
  • 5.17.4 to 5.17.5 Data Center Only
  • 5.12.15 (LTS) recommended
  • 5.4.28 (LTS)
Vulnerability Summary:
  • XSS (Cross Site Scripting) DOMPurify Dependency in Jira Service Management Data Center and Server
    CVE ID: CVE-2024-45801; CVSS Severity: 8.3 High
  • DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Jira Service Management Data Center and Server
    CVE ID: CVE-2023-52428; CVSS Severity: 7.5 High

Product & Release Notes: Sourcetree for Mac
Affected Versions:
  • 4.2.8
Fixed Version:
  • All versions from 4.2.9
Vulnerability Summary:
  • RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows
    CVE ID: CVE-2024-21697; CVSS Severity: 8.8 High

Product & Release Notes: Sourcetree for Windows
Affected Versions:
  • 3.4.19
Fixed Version:
  • All versions from 3.4.20
Vulnerability Summary:
  • RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows
    CVE ID: CVE-2024-21697; CVSS Severity: 8.8 High
