    331 vulnerabilities found for Jira by Atlassian

    CERTFR-2026-AVI-0773

    Vulnerability from certfr_avis - Published: 2026-06-18 - Updated: 2026-06-18

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Atlassian | Jira | Jira Service Management Data Center and Server versions 11.3.x prior to 11.3.7
    Atlassian | Confluence | Confluence Data Center versions 10.2.x prior to 10.2.13
    Atlassian | Jira | Jira Software Data Center versions 10.3.x prior to 10.3.22
    Atlassian | Jira | Jira Service Management Data Center and Server versions 10.3.x prior to 10.3.22
    Atlassian | Confluence | Confluence Data Center versions 9.2.x prior to 9.2.21
    Atlassian | Jira | Jira Service Management Data Center versions 10.3.x prior to 10.3.22
    Atlassian | Jira | Jira Software Data Center versions 11.3.x prior to 11.3.7
    Atlassian | Jira | Jira Software Data Center and Server versions 10.3.x prior to 10.3.22
    Atlassian | Jira | Jira Service Management Data Center versions 11.3.x prior to 11.3.7
    Atlassian | Jira | Jira Software Data Center and Server versions 9.12.x prior to 9.12.36
    Atlassian | Jira | Jira Software Data Center and Server versions 11.3.x prior to 11.3.7
    Atlassian | Jira | Jira Software Data Center versions 9.12.x prior to 9.12.36
    References
    Atlassian security bulletin JSWSERVER-26825 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16543 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16622 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16604 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26820 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26813 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16583 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16609 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16613 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104143 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104139 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16626 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16614 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26791 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104136 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26783 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-103936 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26805 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26800 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26838 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16618 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26815 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26819 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104131 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104199 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-103906 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26751 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16620 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16615 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16632 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16627 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-103468 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26841 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26818 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26837 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104132 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16608 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26835 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104134 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16616 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16610 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16617 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26821 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26784 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16623 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104133 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26840 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104130 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16629 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26752 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26827 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16606 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16628 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26816 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104135 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26811 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26826 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16541 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104138 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26822 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16607 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16631 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16625 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin CONFSERVER-104171 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16621 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16584 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26814 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSDSERVER-16611 | 2026-06-16 | vendor-advisory
    Atlassian security bulletin JSWSERVER-26836 | 2026-06-16 | vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Service Management Data Center et Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 10.2.x ant\u00e9rieures \u00e0 10.2.13",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.21",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.36",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center et Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.36",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-33871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
        },
        {
          "name": "CVE-2026-43515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43515"
        },
        {
          "name": "CVE-2026-42211",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42211"
        },
        {
          "name": "CVE-2026-34486",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
        },
        {
          "name": "CVE-2026-33870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
        },
        {
          "name": "CVE-2026-42585",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42585"
        },
        {
          "name": "CVE-2026-42584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
        },
        {
          "name": "CVE-2026-41284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41284"
        },
        {
          "name": "CVE-2026-45149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
        },
        {
          "name": "CVE-2026-42033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
        },
        {
          "name": "CVE-2026-42035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
        },
        {
          "name": "CVE-2026-44495",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
        },
        {
          "name": "CVE-2026-42043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
        },
        {
          "name": "CVE-2026-40175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
        },
        {
          "name": "CVE-2026-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
        },
        {
          "name": "CVE-2026-34487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
        },
        {
          "name": "CVE-2021-3803",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
        },
        {
          "name": "CVE-2026-42038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
        },
        {
          "name": "CVE-2026-42583",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
        },
        {
          "name": "CVE-2026-43513",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43513"
        },
        {
          "name": "CVE-2026-29129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
        },
        {
          "name": "CVE-2026-42587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
        },
        {
          "name": "CVE-2026-42342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42342"
        },
        {
          "name": "CVE-2026-26996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
        },
        {
          "name": "CVE-2026-42264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
        },
        {
          "name": "CVE-2026-45736",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
        },
        {
          "name": "CVE-2026-43512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
        },
        {
          "name": "CVE-2026-42579",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
        },
        {
          "name": "CVE-2026-42498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42498"
        },
        {
          "name": "CVE-2026-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
        },
        {
          "name": "CVE-2026-34077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34077"
        },
        {
          "name": "CVE-2026-41293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41293"
        }
      ],
      "initial_release_date": "2026-06-18T00:00:00",
      "last_revision_date": "2026-06-18T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0773",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26825",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26825"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16543",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16543"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16622",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16622"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16604",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16604"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26820",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26820"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26813",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26813"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16583",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16583"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16609",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16609"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16613",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16613"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104143",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104143"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104139",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104139"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16626",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16626"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16614",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16614"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26791",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26791"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104136",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104136"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26783",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26783"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103936",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103936"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26805",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26805"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26800",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26800"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26838",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26838"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16618",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16618"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26815",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26815"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26819",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26819"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104131",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104131"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104199",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104199"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103906",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103906"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26751",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26751"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16620",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16620"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16615",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16615"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16632",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16632"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16627",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16627"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103468",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103468"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26841",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26841"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26818",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26818"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26837",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26837"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104132",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104132"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16608",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16608"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26835",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26835"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104134",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104134"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16616",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16616"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16610",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16610"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16617",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16617"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26821",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26821"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26784",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26784"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16623",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16623"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104133",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104133"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26840",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26840"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104130",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104130"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16629",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16629"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26752",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26752"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26827",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26827"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16606",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16606"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16628",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16628"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26816",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26816"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104135",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104135"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26811",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26811"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26826",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26826"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16541",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16541"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104138",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104138"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26822",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26822"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16607",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16607"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16631",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16631"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16625",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16625"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104171",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-104171"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16621",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16621"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16584",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16584"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26814",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26814"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16611",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16611"
        },
        {
          "published_at": "2026-06-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26836",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26836"
        }
      ]
    }

    CERTFR-2026-AVI-0621

    Vulnerability from certfr_avis - Published: 2026-05-20 - Updated: 2026-05-20

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Atlassian | Jira | Jira Software Data Center versions prior to 10.3.20
    Atlassian | Jira | Jira Service Management Server versions prior to 11.3.5
    Atlassian | Confluence | Confluence Data Center versions prior to 10.2.11
    Atlassian | Jira | Jira Service Management Server versions prior to 10.3.20
    Atlassian | Jira | Jira Service Management Data Center versions prior to 11.3.5
    Atlassian | Confluence | Confluence Data Center versions prior to 9.2.20
    Atlassian | Jira | Jira Software Data Center versions prior to 9.12.35
    Atlassian | Jira | Jira Service Management Data Center versions prior to 10.3.20
    Atlassian | Jira | Jira Software Data Center versions prior to 11.3.5
    References
    Atlassian security bulletin CONFSERVER-103710 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16574 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26786 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16576 2026-05-19 vendor-advisory
    Atlassian security bulletin CONFSERVER-103709 2026-05-19 vendor-advisory
    Atlassian security bulletin CONFSERVER-103708 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16588 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26781 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16571 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16573 2026-05-19 vendor-advisory
    Atlassian security bulletin CONFSERVER-103633 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26778 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26780 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26788 2026-05-19 vendor-advisory
    Atlassian security bulletin CONFSERVER-103713 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16587 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26793 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26785 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16577 2026-05-19 vendor-advisory
    Atlassian security bulletin CONFSERVER-103712 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26787 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16578 2026-05-19 vendor-advisory
    Atlassian security bulletin CONFSERVER-103707 2026-05-19 vendor-advisory
    Atlassian security bulletin CONFSERVER-103647 2026-05-19 vendor-advisory
    Atlassian security bulletin JSWSERVER-26782 2026-05-19 vendor-advisory
    Atlassian security bulletin JSDSERVER-16575 2026-05-19 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.20",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.2.11",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.20",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.20",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.35",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.20",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-24734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
        },
        {
          "name": "CVE-2026-29145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
        },
        {
          "name": "CVE-2026-22029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
        },
        {
          "name": "CVE-2026-29146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29146"
        },
        {
          "name": "CVE-2026-33750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
        },
        {
          "name": "CVE-2026-26960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
        },
        {
          "name": "CVE-2026-22732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
        },
        {
          "name": "CVE-2026-34487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
        },
        {
          "name": "CVE-2026-29062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29062"
        },
        {
          "name": "CVE-2026-29786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
        },
        {
          "name": "CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "name": "CVE-2026-29129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
        },
        {
          "name": "CVE-2026-34483",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
        },
        {
          "name": "CVE-2026-24880",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24880"
        },
        {
          "name": "CVE-2026-31802",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
        }
      ],
      "initial_release_date": "2026-05-20T00:00:00",
      "last_revision_date": "2026-05-20T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0621",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103710",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103710"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16574",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16574"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26786",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26786"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16576",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16576"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103709",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103709"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103708",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103708"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16588",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16588"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26781",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26781"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16571",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16571"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16573",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16573"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103633",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103633"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26778",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26778"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26780",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26780"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26788",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26788"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103713",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103713"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16587",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16587"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26793",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26793"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26785",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26785"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16577",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16577"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103712",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103712"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26787",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26787"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16578",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16578"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103707",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103707"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103647",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103647"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26782",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26782"
        },
        {
          "published_at": "2026-05-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16575",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16575"
        }
      ]
    }

    CERTFR-2026-AVI-0479

    Vulnerability from certfr_avis - Published: 2026-04-22 - Updated: 2026-04-22

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Confluence Confluence Data Center versions 10.x prior to 10.2.10
    Atlassian Jira Jira Service Management Data Center versions 11.x prior to 11.3.4
    Atlassian Jira Jira Software Server versions prior to 9.12.33
    Atlassian Confluence Confluence Data Center versions prior to 9.2.19
    Atlassian Jira Jira Software Data Center versions 10.x prior to 10.3.19
    Atlassian Jira Jira Software Data Center versions prior to 9.12.34
    Atlassian Jira Jira Service Management Data Center versions prior to 10.3.19
    Atlassian Jira Jira Service Management Server versions prior to 10.3.13
    Atlassian Jira Jira Software Server versions 10.x prior to 10.3.16
    Atlassian Jira Jira Software Data Center versions 11.x prior to 11.3.4
    References
    Atlassian security bulletin JSWSERVER-26754 2026-04-21 vendor-advisory
    Atlassian security bulletin JSDSERVER-16542 2026-04-21 vendor-advisory
    Atlassian security bulletin JSWSERVER-26657 2026-04-21 vendor-advisory
    Atlassian security bulletin JSDSERVER-16551 2026-04-21 vendor-advisory
    Atlassian security bulletin JSWSERVER-26764 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103476 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103467 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103471 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103469 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103475 2026-04-21 vendor-advisory
    Atlassian security bulletin JSDSERVER-16544 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103470 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103472 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103612 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103539 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103474 2026-04-21 vendor-advisory
    Atlassian security bulletin JSWSERVER-26666 2026-04-21 vendor-advisory
    Atlassian security bulletin JSDSERVER-16557 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103517 2026-04-21 vendor-advisory
    Atlassian security bulletin JSDSERVER-16550 2026-04-21 vendor-advisory
    Atlassian security bulletin JSDSERVER-16540 2026-04-21 vendor-advisory
    Atlassian security bulletin JSWSERVER-26765 2026-04-21 vendor-advisory
    Atlassian security bulletin JSWSERVER-26763 2026-04-21 vendor-advisory
    Atlassian security bulletin JSWSERVER-26760 2026-04-21 vendor-advisory
    Atlassian security bulletin JSDSERVER-16552 2026-04-21 vendor-advisory
    Atlassian security bulletin JSDSERVER-16556 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-102567 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103473 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103516 2026-04-21 vendor-advisory
    Atlassian security bulletin CONFSERVER-103518 2026-04-21 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.2.10",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 11.x ant\u00e9rieures \u00e0 11.3.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.33",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.19",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.19",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.34",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.19",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.13",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 11.x ant\u00e9rieures \u00e0 11.3.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-33871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
        },
        {
          "name": "CVE-2023-1370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
        },
        {
          "name": "CVE-2021-0341",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
        },
        {
          "name": "CVE-2023-48631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48631"
        },
        {
          "name": "CVE-2026-23745",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
        },
        {
          "name": "CVE-2026-33870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
        },
        {
          "name": "CVE-2026-22029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
        },
        {
          "name": "CVE-2023-3635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
        },
        {
          "name": "CVE-2026-26960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
        },
        {
          "name": "CVE-2024-45801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
        },
        {
          "name": "CVE-2021-31597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-31597"
        },
        {
          "name": "CVE-2026-24842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
        },
        {
          "name": "CVE-2026-23950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
        },
        {
          "name": "CVE-2024-29371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
        },
        {
          "name": "CVE-2024-47875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
        },
        {
          "name": "CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "name": "CVE-2025-66020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66020"
        },
        {
          "name": "CVE-2022-1471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
        },
        {
          "name": "CVE-2026-29063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
        },
        {
          "name": "CVE-2026-31802",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
        },
        {
          "name": "CVE-2026-25547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
        },
        {
          "name": "CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        }
      ],
      "initial_release_date": "2026-04-22T00:00:00",
      "last_revision_date": "2026-04-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0479",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26754",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26754"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16542",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16542"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26657",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26657"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16551",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16551"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26764",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26764"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103476",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103476"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103467",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103467"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103471",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103471"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103469",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103469"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103475",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103475"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16544",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16544"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103470",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103470"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103472",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103472"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103612",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103612"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103539",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103539"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103474",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103474"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26666",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26666"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16557",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16557"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103517",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103517"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16550",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16550"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16540",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16540"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26765",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26765"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26763",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26763"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26760",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26760"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16552",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16552"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16556",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16556"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102567",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-102567"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103473",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103473"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103516",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103516"
        },
        {
          "published_at": "2026-04-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103518",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-103518"
        }
      ]
    }

    CERTFR-2026-AVI-0314

    Vulnerability from certfr_avis - Published: 2026-03-18 - Updated: 2026-03-18

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Software Server versions prior to 10.3.17
    Atlassian Jira Jira Software Server versions prior to 11.3.2
    Atlassian Confluence Confluence Data Center versions prior to 10.2.7
    Atlassian Jira Jira Software Data Center versions prior to 11.3.3
    Atlassian Confluence Confluence Server versions prior to 9.0.2
    Atlassian Jira Jira Service Management Data Center versions prior to 11.3.3
    Atlassian Confluence Confluence Data Center versions prior to 9.0.2
    Atlassian Jira Jira Software Data Center versions prior to 10.3.18
    Atlassian Confluence Confluence Server versions prior to 9.2.15
    Atlassian Jira Jira Service Management Server versions prior to 11.3.3
    Atlassian Confluence Confluence Data Center versions prior to 9.2.15
    Atlassian Confluence Confluence Server versions prior to 10.2.7
    Atlassian Jira Jira Service Management Server versions prior to 10.3.17
    Atlassian Jira Jira Service Management Data Center versions prior to 10.3.18

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.17",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 11.3.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.2.7",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.3.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.0.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.3.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.0.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.18",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.15",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.3.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.15",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 10.2.7",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.17",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.18",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2022-25883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
        },
        {
          "name": "CVE-2026-23745",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
        },
        {
          "name": "CVE-2022-25927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
        },
        {
          "name": "CVE-2026-24842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
        },
        {
          "name": "CVE-2026-23950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
        },
        {
          "name": "CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "name": "CVE-2020-28469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
        },
        {
          "name": "CVE-2024-57699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
        }
      ],
      "initial_release_date": "2026-03-18T00:00:00",
      "last_revision_date": "2026-03-18T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0314",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16515",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16515"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16527",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16527"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26730",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26730"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16530",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16530"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26714",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26714"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26736",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26736"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26716",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26716"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102542",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-102542"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16529",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16529"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16510",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16510"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26732",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26732"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16528",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16528"
        },
        {
          "published_at": "2026-03-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26733",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26733"
        }
      ]
    }

    CERTFR-2026-AVI-0065

    Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Software Server versions 11.3.x prior to 11.3.0
    Atlassian Confluence Confluence Server versions prior to 8.5.31
    Atlassian Jira Jira Service Management Data Center versions prior to 5.12.29
    Atlassian Jira Jira Service Management Server versions 11.x prior to 11.2.1
    Atlassian Jira Jira Service Management Data Center versions 11.x prior to 11.2.1
    Atlassian Jira Jira Software Data Center versions 11.2.x prior to 11.2.1
    Atlassian Jira Jira Software Server versions 11.2.x prior to 11.2.1
    Atlassian Jira Jira Software Data Center versions 10.x prior to 10.3.16
    Atlassian Jira Jira Service Management Server versions 10.x prior to 10.3.16
    Atlassian Jira Jira Service Management Server versions 11.3.x prior to 11.3.0
    Atlassian Confluence Confluence Server versions 9.x prior to 9.2.13
    Atlassian Confluence Confluence Data Center versions 10.x prior to 10.2.2
    Atlassian Jira Jira Software Data Center versions prior to 9.12.26
    Atlassian Jira Jira Service Management Data Center versions 11.3.x prior to 11.3.1
    Atlassian Confluence Confluence Data Center versions prior to 8.5.31
    Atlassian Jira Jira Software Server versions prior to 9.12.26
    Atlassian Confluence Confluence Data Center versions 9.x prior to 9.2.13
    Atlassian Jira Jira Service Management Data Center versions 10.x prior to 10.3.16
    Atlassian Jira Jira Software Server versions 10.x prior to 10.3.16
    Atlassian Jira Jira Service Management Server versions prior to 5.12.29
    Atlassian Jira Jira Software Data Center versions 11.3.x prior to 11.3.0
    References
    Atlassian security bulletin JSWSERVER-26667 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16497 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16496 2026-01-20 vendor-advisory
    Atlassian security bulletin CONFSERVER-101827 2026-01-20 vendor-advisory
    Atlassian security bulletin JSWSERVER-26665 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16485 2026-01-20 vendor-advisory
    Atlassian security bulletin JSWSERVER-26661 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16491 2026-01-20 vendor-advisory
    Atlassian security bulletin CONFSERVER-101878 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16501 2026-01-20 vendor-advisory
    Atlassian security bulletin JSWSERVER-26663 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16503 2026-01-20 vendor-advisory
    Atlassian security bulletin JSWSERVER-26662 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16459 2026-01-20 vendor-advisory
    Atlassian security bulletin JSWSERVER-26654 2026-01-20 vendor-advisory
    Atlassian security bulletin JSWSERVER-26656 2026-01-20 vendor-advisory
    Atlassian security bulletin CONFSERVER-101872 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16502 2026-01-20 vendor-advisory
    Atlassian security bulletin CONFSERVER-101842 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16499 2026-01-20 vendor-advisory
    Atlassian security bulletin JSDSERVER-16465 2026-01-20 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Software Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.31",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.29",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 11.x ant\u00e9rieures \u00e0 11.2.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.16",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.2.13",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.2.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.31",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.13",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.16",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.29",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-9287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
        },
        {
          "name": "CVE-2025-49146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
        },
        {
          "name": "CVE-2022-25883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
        },
        {
          "name": "CVE-2025-66516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
        },
        {
          "name": "CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "name": "CVE-2024-21538",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
        },
        {
          "name": "CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "name": "CVE-2021-3807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
        },
        {
          "name": "CVE-2024-45801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
        },
        {
          "name": "CVE-2022-45693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
        },
        {
          "name": "CVE-2025-54988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
        },
        {
          "name": "CVE-2025-9288",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
        },
        {
          "name": "CVE-2025-52434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
        },
        {
          "name": "CVE-2025-53689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53689"
        }
      ],
      "initial_release_date": "2026-01-21T00:00:00",
      "last_revision_date": "2026-01-21T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0065",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-01-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26667",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26667"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16497",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16497"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16496",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16496"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101827",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101827"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26665",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26665"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16485",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16485"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26661",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26661"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16491",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16491"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101878",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101878"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16501",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16501"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26663",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26663"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16503",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16503"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26662",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26662"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16459",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16459"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26654",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26654"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26656",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26656"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101872",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101872"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16502",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16502"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101842",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101842"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16499",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16499"
        },
        {
          "published_at": "2026-01-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16465",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16465"
        }
      ]
    }

    CERTFR-2025-AVI-1100

    Vulnerability from certfr_avis - Published: 2025-12-12 - Updated: 2025-12-12

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Software Data Center and Server versions 9.12.x prior to 9.12.30
    Atlassian Jira Jira Software Data Center and Server versions 10.3.x prior to 10.3.15
    Atlassian Confluence Confluence Data Center and Server versions 9.5.x prior to 9.5.2
    Atlassian Jira Jira Service Management Data Center and Server versions 11.x prior to 11.2.1
    Atlassian Confluence Confluence Data Center and Server versions 10.0.x prior to 10.0.2
    Atlassian Confluence Confluence Data Center and Server versions 8.5.x prior to 8.5.30
    Atlassian Confluence Confluence Data Center and Server versions 10.1.x prior to 10.1.0
    Atlassian Confluence Confluence Data Center and Server versions 9.2.x prior to 9.2.12
    Atlassian Confluence Confluence Data Center and Server versions 9.3.x prior to 9.3.1
    Atlassian Confluence Confluence Data Center and Server versions 9.4.x prior to 9.4.0
    Atlassian Jira Jira Service Management Data Center and Server versions 10.3.x prior to 10.3.15
    Atlassian Jira Jira Software Data Center and Server versions 11.x prior to 11.2.1
    Atlassian Confluence Confluence Data Center and Server versions 10.2.x prior to 10.2.1
    References
    Atlassian security bulletin JSDSERVER-16469 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26599 2025-12-11 vendor-advisory
    Atlassian security bulletin CONFSERVER-101574 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26636 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26600 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16461 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16478 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26614 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16458 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26630 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26627 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26634 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16466 2025-12-11 vendor-advisory
    Atlassian security bulletin CONFSERVER-101788 2025-12-11 vendor-advisory
    Atlassian security bulletin CONFSERVER-101478 2025-12-11 vendor-advisory
    Atlassian security bulletin CONFSERVER-101573 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16477 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26635 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16470 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26629 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16479 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26625 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26626 2025-12-11 vendor-advisory
    Atlassian security bulletin CONFSERVER-101575 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16462 2025-12-11 vendor-advisory
    Atlassian security bulletin CONFSERVER-101489 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26619 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16456 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26615 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26628 2025-12-11 vendor-advisory
    Atlassian security bulletin JSDSERVER-16480 2025-12-11 vendor-advisory
    Atlassian security bulletin JSWSERVER-26620 2025-12-11 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.30",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.30",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2021-39227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39227"
        },
        {
          "name": "CVE-2022-37603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
        },
        {
          "name": "CVE-2025-66516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
        },
        {
          "name": "CVE-2024-29415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
        },
        {
          "name": "CVE-2025-41248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
        },
        {
          "name": "CVE-2025-27152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
        },
        {
          "name": "CVE-2024-21634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
        },
        {
          "name": "CVE-2022-37601",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
        },
        {
          "name": "CVE-2025-48976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
        },
        {
          "name": "CVE-2022-45693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
        },
        {
          "name": "CVE-2016-1181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-1181"
        },
        {
          "name": "CVE-2025-54988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
        },
        {
          "name": "CVE-2025-55163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
        },
        {
          "name": "CVE-2023-49735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
        },
        {
          "name": "CVE-2022-3517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
        },
        {
          "name": "CVE-2024-12905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
        },
        {
          "name": "CVE-2020-8203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
        },
        {
          "name": "CVE-2022-37599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
        },
        {
          "name": "CVE-2025-58754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
        },
        {
          "name": "CVE-2016-1182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-1182"
        }
      ],
      "initial_release_date": "2025-12-12T00:00:00",
      "last_revision_date": "2025-12-12T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1100",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-12T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16469",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16469"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26599",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26599"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101574",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101574"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26636",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26636"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26600",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26600"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16461",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16461"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16478",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16478"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26614",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26614"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16458",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16458"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26630",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26630"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26627",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26627"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26634",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26634"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16466",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16466"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101788",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101788"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101478",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101478"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101573",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101573"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16477",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16477"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26635",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26635"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16470",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16470"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26629",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26629"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16479",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16479"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26625",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26625"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26626",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26626"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101575",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101575"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16462",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16462"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101489",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101489"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26619",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26619"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16456",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16456"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26615",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26615"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26628",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26628"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16480",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16480"
        },
        {
          "published_at": "2025-12-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26620",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26620"
        }
      ]
    }

    CERTFR-2025-AVI-1025

    Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality, and server-side request forgery (SSRF).

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Atlassian | Jira | Jira Software Data Center versions earlier than 11.2.0
    Atlassian | Jira | Jira Software Data Center versions earlier than 10.3.10
    Atlassian | Jira | Jira Service Management Server versions earlier than 10.7.3
    Atlassian | Confluence | Confluence Server versions earlier than 9.5.4
    Atlassian | Confluence | Confluence Server versions earlier than 9.2.6
    Atlassian | Jira | Jira Service Management Data Center versions earlier than 10.7.3
    Atlassian | Jira | Jira Service Management Data Center versions earlier than 11.2.0
    Atlassian | Jira | Jira Service Management Data Center versions earlier than 5.12.26
    Atlassian | Jira | Jira Service Management Data Center versions earlier than 10.3.10
    Atlassian | Jira | Jira Service Management Server versions earlier than 11.2.0
    Atlassian | Jira | Jira Software Server versions earlier than 10.7.3
    Atlassian | Jira | Jira Software Server versions earlier than 11.2.0
    Atlassian | Confluence | Confluence Data Center versions earlier than 9.2.6
    Atlassian | Confluence | Confluence Data Center versions earlier than 10.0.2
    Atlassian | Jira | Jira Software Data Center versions earlier than 9.12.26
    Atlassian | Confluence | Confluence Data Center versions earlier than 10.1.1
    Atlassian | Confluence | Confluence Server versions earlier than 10.1.1
    Atlassian | Jira | Jira Service Management Server versions earlier than 5.12.26
    Atlassian | Confluence | Confluence Data Center versions earlier than 9.3.1
    Atlassian | Jira | Jira Software Data Center versions earlier than 10.7.3
    Atlassian | Jira | Jira Software Server versions earlier than 10.3.10
    Atlassian | Jira | Jira Software Server versions earlier than 9.12.26
    Atlassian | Confluence | Confluence Server versions earlier than 8.5.20
    Atlassian | Confluence | Confluence Server versions earlier than 9.4.0
    Atlassian | Confluence | Confluence Server versions earlier than 10.0.2
    Atlassian | Confluence | Confluence Data Center versions earlier than 9.5.4
    Atlassian | Confluence | Confluence Data Center versions earlier than 8.5.20
    Atlassian | Confluence | Confluence Data Center versions earlier than 9.4.0
    Atlassian | Jira | Jira Service Management Server versions earlier than 10.3.10
    Atlassian | Confluence | Confluence Server versions earlier than 9.3.1

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.2.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.10",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.7.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.5.4",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.6",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.7.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.2.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.10",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.2.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.7.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 11.2.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.6",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.0.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.1.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 10.1.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.7.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.10",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.20",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.4.0",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 10.0.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.5.4",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.20",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.0",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.10",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2022-46175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
        },
        {
          "name": "CVE-2025-41248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
        },
        {
          "name": "CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "name": "CVE-2025-48976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
        },
        {
          "name": "CVE-2024-37890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
        },
        {
          "name": "CVE-2022-38900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
        },
        {
          "name": "CVE-2023-42282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
        },
        {
          "name": "CVE-2025-48387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
        }
      ],
      "initial_release_date": "2025-11-19T00:00:00",
      "last_revision_date": "2025-11-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1025",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101488",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101488"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16435",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16435"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26537",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26537"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101480",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101480"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101486",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101486"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101487",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101487"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101485",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101485"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101479",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101479"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101477",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-101477"
        }
      ]
    }

    CERTFR-2025-AVI-0903

    Vulnerability from certfr_avis - Published: 2025-10-22 - Updated: 2025-10-22

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause a remote denial of service, a breach of data integrity, and a security policy bypass.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Atlassian | Jira | Jira Service Management Server versions earlier than 5.12.28
    Atlassian | Jira | Jira Software Server versions 11.1.x earlier than 11.1.0
    Atlassian | Jira | Jira Software Data Center versions 11.0.x earlier than 11.0.1
    Atlassian | Jira | Jira Service Management Data Center versions earlier than 5.12.28
    Atlassian | Jira | Jira Service Management Server versions 11.0.x earlier than 11.0.1
    Atlassian | Confluence | Confluence Data Center versions 10.x earlier than 10.0.2
    Atlassian | Jira | Jira Service Management Data Center versions 11.1.x earlier than 11.1.0
    Atlassian | Jira | Jira Software Server versions 11.0.x earlier than 11.0.1
    Atlassian | Jira | Jira Software Server versions earlier than 9.12.28
    Atlassian | Jira | Jira Service Management Data Center versions 11.0.x earlier than 11.0.1
    Atlassian | Jira | Jira Service Management Server versions 10.3.x earlier than 10.3.12
    Atlassian | Confluence | Confluence Data Center versions 9.x earlier than 9.2.7
    Atlassian | Jira | Jira Service Management Server versions 11.1.x earlier than 11.1.0
    Atlassian | Jira | Jira Service Management Data Center versions 10.3.x earlier than 10.3.12
    Atlassian | Jira | Jira Software Data Center versions earlier than 9.12.28
    Atlassian | Jira | Jira Software Server versions 10.3.x earlier than 10.3.12
    Atlassian | Jira | Jira Software Data Center versions 11.1.x earlier than 11.1.0
    Atlassian | Confluence | Confluence Data Center versions earlier than 8.5.25
    Atlassian | Jira | Jira Software Data Center versions 10.3.x earlier than 10.3.12

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.28",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.28",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.0.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.28",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.7",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.28",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 11.1.x ant\u00e9rieures \u00e0 11.1.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.25",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.12",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2025-58057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
        },
        {
          "name": "CVE-2025-48989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
        },
        {
          "name": "CVE-2025-58056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
        },
        {
          "name": "CVE-2025-22166",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22166"
        },
        {
          "name": "CVE-2025-22167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22167"
        }
      ],
      "initial_release_date": "2025-10-22T00:00:00",
      "last_revision_date": "2025-10-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0903",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-10-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26567",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26567"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26566",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26566"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16410",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16410"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100907",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-100907"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26564",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26564"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16408",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16408"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16412",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16412"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16413",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16413"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16411",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16411"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26552",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26552"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26538",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26538"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26565",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26565"
        },
        {
          "published_at": "2025-10-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16409",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16409"
        }
      ]
    }

    CERTFR-2025-AVI-0794

    Vulnerability from certfr_avis - Published: 2025-09-17 - Updated: 2025-09-17

    Multiple vulnerabilities have been discovered in Atlassian products. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Confluence Confluence Data Center versions prior to 8.5.24
    Atlassian Jira Jira Service Management Data Center versions 10.7.x prior to 10.7.3
    Atlassian Jira Jira Software Server versions 10.3.x prior to 10.3.9
    Atlassian Confluence Confluence Server versions 9.5.x prior to 9.5.2
    Atlassian Jira Jira Software Data Center versions 11.0.x prior to 11.0.1
    Atlassian Confluence Confluence Server versions 10.0.x prior to 10.0.3
    Atlassian Jira Jira Service Management Data Center versions 10.3.x prior to 10.3.9
    Atlassian Jira Jira Service Management Data Center versions prior to 5.12.26
    Atlassian Confluence Confluence Server versions 9.2.x prior to 9.2.6
    Atlassian Jira Jira Service Management Server versions 11.0.x prior to 11.0.1
    Atlassian Confluence Confluence Server versions prior to 8.5.24
    Atlassian Jira Jira Service Management Server versions 10.3.x prior to 10.3.9
    Atlassian Jira Jira Software Server versions 11.0.x prior to 11.0.1
    Atlassian Jira Jira Service Management Data Center versions 11.0.x prior to 11.0.1
    Atlassian Jira Jira Software Server versions 10.7.x prior to 10.7.3
    Atlassian Jira Jira Software Data Center versions prior to 9.12.26
    Atlassian Jira Jira Software Data Center versions 10.3.x prior to 10.3.9
    Atlassian Confluence Confluence Data Center versions 9.2.x prior to 9.2.6
    Atlassian Jira Jira Service Management Server versions prior to 5.12.26
    Atlassian Jira Jira Service Management Server versions 10.7.x prior to 10.7.3
    Atlassian Jira Jira Software Data Center versions 10.7.x prior to 10.7.3
    Atlassian Confluence Confluence Data Center versions 9.5.x prior to 9.5.2
    Atlassian Jira Jira Software Server versions prior to 9.12.26
    Atlassian Confluence Confluence Data Center versions 10.0.x prior to 10.0.3

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.24",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.6",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.24",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.9",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.6",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.7.x ant\u00e9rieures \u00e0 10.7.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-52520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
        },
        {
          "name": "CVE-2025-53506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
        },
        {
          "name": "CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        }
      ],
      "initial_release_date": "2025-09-17T00:00:00",
      "last_revision_date": "2025-09-17T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0794",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-09-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-09-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16367",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16367"
        },
        {
          "published_at": "2025-09-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26500",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26500"
        },
        {
          "published_at": "2025-09-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100795",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-100795"
        },
        {
          "published_at": "2025-09-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16369",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16369"
        },
        {
          "published_at": "2025-09-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26499",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26499"
        }
      ]
    }

    CERTFR-2025-AVI-0593

    Vulnerability from certfr_avis - Published: 2025-07-16 - Updated: 2025-07-16

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause a remote denial of service, a compromise of data confidentiality, and a compromise of data integrity.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Service Management Data Center versions 10.x prior to 10.7.2
    Atlassian Jira Jira Service Management Server versions 10.x prior to 10.3.8 LTS
    Atlassian Jira Jira Software Data Center versions 10.x prior to 10.7.2
    Atlassian Jira Jira Software Server versions 9.x prior to 9.12.25 LTS
    Atlassian Jira Jira Software Server versions 10.x prior to 10.7.2
    Atlassian Jira Jira Service Management Data Center versions prior to 10.3.8 LTS
    Atlassian Jira Jira Service Management Server versions 10.x prior to 10.7.2
    Atlassian Confluence Confluence Server versions 9.x prior to 9.5.2
    Atlassian Confluence Confluence Server versions 9.x prior to 9.2.6 LTS
    Atlassian Jira Jira Software Data Center versions 10.x prior to 10.3.8 LTS
    Atlassian Confluence Confluence Data Center versions 9.x prior to 9.2.6 LTS
    Atlassian Jira Jira Service Management Data Center versions 5.x prior to 5.12.25 LTS
    Atlassian Jira Jira Service Management Server versions 5.x prior to 5.12.25 LTS
    Atlassian Jira Jira Software Data Center versions 9.x prior to 9.12.25 LTS
    Atlassian Jira Jira Software Server versions 10.x prior to 10.3.8 LTS
    Atlassian Confluence Confluence Data Center versions 9.x prior to 9.5.2

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Service Management Data Center versions 10.x ant\u00e9rieures \u00e0 10.7.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.3.8 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.x  ant\u00e9rieures \u00e0 10.7.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 9.x ant\u00e9rieures \u00e0 9.12.25 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.7.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.8 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.7.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.5.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.2.6 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.x  ant\u00e9rieures \u00e0 10.3.8 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.6 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 5.x ant\u00e9rieures \u00e0 5.12.25 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 5.x ant\u00e9rieures \u00e0 5.12.25 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 9.x ant\u00e9rieures \u00e0 9.12.25 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.8 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions  9.x ant\u00e9rieures \u00e0 9.5.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-27820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27820"
        },
        {
          "name": "CVE-2025-22228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
        },
        {
          "name": "CVE-2025-49125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
        },
        {
          "name": "CVE-2025-48988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
        },
        {
          "name": "CVE-2025-46701",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
        }
      ],
      "initial_release_date": "2025-07-16T00:00:00",
      "last_revision_date": "2025-07-16T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0593",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-07-16T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26443",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26443"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16310",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16310"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26442",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26442"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16309",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16309"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26470",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26470"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26468",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26468"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16269",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16269"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26469",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26469"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16308",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16308"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16311",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16311"
        },
        {
          "published_at": "2025-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-100164",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-100164"
        }
      ]
    }

    CERTFR-2025-AVI-0520

    Vulnerability from certfr_avis - Published: 2025-06-18 - Updated: 2025-06-18

    Multiple vulnerabilities have been discovered in Atlassian products. They allow an attacker to cause a remote denial of service and a security policy bypass.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Service Management Server versions 10.6.x prior to 10.6.1
    Atlassian Jira Jira Software Data Center versions 10.6.x prior to 10.6.1
    Atlassian Confluence Confluence Data Center versions 9.5.x prior to 9.5.1
    Atlassian Jira Jira Service Management Server versions prior to 10.3.6
    Atlassian Jira Jira Service Management Data Center versions 10.6.x prior to 10.6.1
    Atlassian Jira Jira Software Server versions prior to 10.6.1
    Atlassian Confluence Confluence Data Center versions 9.2.x prior to 9.2.5
    Atlassian Jira Jira Software Data Center versions prior to 10.3.6
    Atlassian Confluence Confluence Server versions 9.5.x prior to 9.5.1
    Atlassian Confluence Confluence Server versions 9.2.x prior to 9.2.5
    Atlassian Jira Jira Service Management Data Center versions prior to 10.3.6
    Atlassian Confluence Confluence Data Center versions 9.4.x prior to 9.4.1
    Atlassian Confluence Confluence Server versions prior to 8.5.23
    Atlassian Confluence Confluence Data Center versions prior to 8.5.23
    Atlassian Confluence Confluence Server versions 9.4.x prior to 9.4.1
    Atlassian Jira Jira Software Server versions prior to 10.3.6
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Service Management Server versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.6",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 10.6.x ant\u00e9rieures \u00e0 10.6.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.6.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.5",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.6",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.5",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.6",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.23",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.23",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.6",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-22228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
        },
        {
          "name": "CVE-2025-31650",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
        },
        {
          "name": "CVE-2024-57699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
        }
      ],
      "initial_release_date": "2025-06-18T00:00:00",
      "last_revision_date": "2025-06-18T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0520",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-06-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-06-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99921",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-99921"
        },
        {
          "published_at": "2025-06-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99835",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-99835"
        },
        {
          "published_at": "2025-06-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16260",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16260"
        },
        {
          "published_at": "2025-06-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26411",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26411"
        }
      ]
    }

    CERTFR-2025-AVI-0435

    Vulnerability from certfr_avis - Published: 2025-05-21 - Updated: 2025-05-21

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause privilege escalation, a remote denial of service and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Confluence Confluence Data Center versions prior to 9.3.2
    Atlassian Jira Jira Core Data Center versions prior to 9.12.22
    Atlassian Confluence Confluence Data Center versions prior to 8.5.22
    Atlassian Jira Jira Service Management Data Center versions prior to 10.6.0
    Atlassian Jira Jira Service Management Server versions prior to 10.6.0
    Atlassian Confluence Confluence Server versions prior to 9.2.4
    Atlassian Jira Jira Service Management Server versions prior to 5.12.22
    Atlassian Confluence Confluence Server versions prior to 9.3.2
    Atlassian Jira Jira Core Server versions prior to 10.5.1
    Atlassian Jira Jira Service Management Data Center versions prior to 10.3.5
    Atlassian Jira Jira Core Server versions prior to 10.3.5
    Atlassian Jira Jira Service Management Data Center versions prior to 10.5.1
    Atlassian Confluence Confluence Data Center versions prior to 9.2.4
    Atlassian Confluence Confluence Server versions prior to 9.4.1
    Atlassian Jira Jira Service Management Server versions prior to 9.12.22
    Atlassian Jira Jira Service Management Server versions prior to 10.3.5
    Atlassian Jira Jira Service Management Server versions prior to 10.5.1
    Atlassian Jira Jira Core Data Center versions prior to 10.5.1
    Atlassian Jira Jira Service Management Data Center versions prior to 5.12.22
    Atlassian Confluence Confluence Server versions prior to 8.5.22
    Atlassian Confluence Confluence Data Center versions prior to 9.4.1
    Atlassian Jira Jira Core Server versions prior to 10.6.0
    Atlassian Jira Jira Core Data Center versions prior to 10.6.0
    Atlassian Jira Jira Core Data Center versions prior to 10.3.5
    Atlassian Jira Jira Core Server versions prior to 9.12.22
    Atlassian Jira Jira Service Management Data Center versions prior to 9.12.22
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 9.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.22",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.6.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.6.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.4",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.5.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.5.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.4",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.4.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 9.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.5.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.5.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.22",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Server versions ant\u00e9rieures \u00e0 10.6.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.6.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Data Center versions ant\u00e9rieures \u00e0 10.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Server versions ant\u00e9rieures \u00e0 9.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 9.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "name": "CVE-2025-22157",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22157"
        },
        {
          "name": "CVE-2024-47072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
        },
        {
          "name": "CVE-2025-31650",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
        }
      ],
      "initial_release_date": "2025-05-21T00:00:00",
      "last_revision_date": "2025-05-21T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0435",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-05-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99686",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-99686"
        },
        {
          "published_at": "2025-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16206",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16206"
        },
        {
          "published_at": "2025-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16207",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16207"
        },
        {
          "published_at": "2025-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99568",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-99568"
        },
        {
          "published_at": "2025-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JRASERVER-78766",
          "url": "https://jira.atlassian.com/browse/JRASERVER-78766"
        }
      ]
    }

    CERTFR-2025-AVI-0316

    Vulnerability from certfr_avis - Published: 2025-04-16 - Updated: 2025-04-16

    Multiple vulnerabilities have been discovered in Atlassian products. They allow an attacker to cause a remote denial of service and a security policy bypass.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Confluence Confluence Data Center versions prior to 8.5.21
    Atlassian Confluence Confluence Data Center versions prior to 9.3.2
    Atlassian Jira Jira Software Server versions prior to 10.5.1
    Atlassian Confluence Confluence Server versions prior to 9.2.3
    Atlassian Jira Jira Service Management Server versions prior to 5.12.22
    Atlassian Confluence Confluence Server versions prior to 9.3.2
    Atlassian Jira Jira Service Management Data Center versions prior to 10.3.5
    Atlassian Jira Jira Service Management Data Center versions prior to 10.5.1
    Atlassian Confluence Confluence Server versions prior to 8.5.21
    Atlassian Jira Jira Software Server versions prior to 10.3.5
    Atlassian Jira Jira Service Management Server versions prior to 10.3.5
    Atlassian Jira Jira Service Management Server versions prior to 10.5.1
    Atlassian Confluence Confluence Data Center versions prior to 9.2.3
    Atlassian Jira Jira Software Server versions prior to 9.12.22
    Atlassian Jira Jira Service Management Data Center versions prior to 5.12.22
    Atlassian Jira Jira Software Data Center versions prior to 9.12.22
    Atlassian Jira Jira Software Data Center versions prior to 10.5.1
    Atlassian Jira Jira Software Data Center versions prior to 10.3.5
    Atlassian Confluence Confluence Data Center versions prior to 9.4.0
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.21",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.5.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.3",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.5.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.21",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.5.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.3",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.22",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.5.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.5",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.0",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "name": "CVE-2019-10172",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
        },
        {
          "name": "CVE-2024-57699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
        }
      ],
      "initial_release_date": "2025-04-16T00:00:00",
      "last_revision_date": "2025-04-16T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0316",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-04-16T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-04-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99547",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-99547"
        },
        {
          "published_at": "2025-04-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26359",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26359"
        },
        {
          "published_at": "2025-04-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16144",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16144"
        },
        {
          "published_at": "2025-04-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99540",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-99540"
        }
      ]
    }

    CERTFR-2025-AVI-0218

    Vulnerability from certfr_avis - Published: 2025-03-19 - Updated: 2025-03-19

    Multiple vulnerabilities have been discovered in Atlassian Jira. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality and a breach of data integrity.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Service Management Data Center versions 5.x later than 5.12 and versions 10.x earlier than 10.3.4
    Atlassian Jira Jira Service Management Server versions 10.4.x earlier than 10.5.0
    Atlassian Jira Jira Software Server versions 9.12.x earlier than 9.12.19
    Atlassian Jira Jira Software Server versions 5.x later than 5.12 and versions 10.x earlier than 10.3.4
    Atlassian Jira Jira Service Management Server versions 5.x later than 5.12 and versions 10.x earlier than 10.3.4
    Atlassian Jira Jira Service Management Server versions later than 5.7.0 and earlier than 5.12.19
    Atlassian Jira Jira Service Management Data Center versions later than 5.7.0 and earlier than 5.12.19
    Atlassian Jira Jira Service Management Data Center versions 10.4.x earlier than 10.5.0
    Atlassian Jira Jira Software Data Center versions earlier than 10.3.4
    Atlassian Jira Jira Software Server versions 10.4.x earlier than 10.5.0
    Atlassian Jira Jira Software Data Center versions 10.4.x earlier than 10.5.0
    Atlassian Jira Jira Software Data Center versions 9.12.x earlier than 9.12.19
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Service Management Data Center versions 5.x post\u00e9rieures \u00e0 5.12 et versions 10.x ant\u00e9rieures \u00e0 10.3.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 10.4.x ant\u00e9rieures \u00e0 10.5.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.19",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 5.x post\u00e9rieures \u00e0 5.12 et versions 10.x ant\u00e9rieures \u00e0 10.3.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 5.x post\u00e9rieures \u00e0 5.12 et versions 10.x ant\u00e9rieures \u00e0 10.3.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions post\u00e9rieures \u00e0 5.7.0 et ant\u00e9rieures \u00e0 ant\u00e9rieures \u00e0 5.12.19",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions post\u00e9rieures \u00e0 5.7.0 et ant\u00e9rieures \u00e0 5.12.19",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 10.4.x ant\u00e9rieures \u00e0 10.5.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 10.4.x ant\u00e9rieures \u00e0 10.5.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 10.4.x ant\u00e9rieures \u00e0 10.5.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.19",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-38819",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
        },
        {
          "name": "CVE-2024-47072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
        }
      ],
      "initial_release_date": "2025-03-19T00:00:00",
      "last_revision_date": "2025-03-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0218",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian Jira. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Jira",
      "vendor_advisories": [
        {
          "published_at": "2025-03-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26303",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26303"
        },
        {
          "published_at": "2025-03-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16086",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16086"
        },
        {
          "published_at": "2025-03-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26333",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26333"
        },
        {
          "published_at": "2025-03-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16083",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16083"
        }
      ]
    }

    CERTFR-2025-AVI-0144

    Vulnerability from certfr_avis - Published: 2025-02-19 - Updated: 2025-02-19

    Multiple vulnerabilities have been discovered in Atlassian products. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Confluence Confluence Server versions earlier than 8.5.19
    Atlassian Confluence Confluence Data Center versions earlier than 8.5.19
    Atlassian Jira Jira Software Data Center versions earlier than 9.12.15
    Atlassian Jira Jira Software Data Center versions earlier than 9.4.28
    Atlassian Jira Jira Software Server versions earlier than 9.17.4
    Atlassian Confluence Confluence Server versions earlier than 9.2.1
    Atlassian Jira Jira Software Server versions earlier than 9.12.15
    Atlassian Jira Jira Software Server versions earlier than 10.1.2
    Atlassian Confluence Confluence Data Center versions earlier than 9.2.1
    Atlassian Jira Jira Software Server versions earlier than 9.4.28
    Atlassian Jira Jira Software Data Center versions earlier than 9.17.4
    Atlassian Jira Jira Software Data Center versions earlier than 10.1.2
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.19",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.19",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.15",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.28",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.17.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.15",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.1.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.28",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.17.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.1.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-56337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
        },
        {
          "name": "CVE-2024-7254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
        },
        {
          "name": "CVE-2024-50379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
        }
      ],
      "initial_release_date": "2025-02-19T00:00:00",
      "last_revision_date": "2025-02-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0144",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-02-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2025-02-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26299",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26299"
        },
        {
          "published_at": "2025-02-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99216",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-99216"
        },
        {
          "published_at": "2025-02-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-99215",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-99215"
        }
      ]
    }

    CERTFR-2024-AVI-1006

    Vulnerability from certfr_avis - Published: 2024-11-20 - Updated: 2024-11-20

    Multiple vulnerabilities have been discovered in Atlassian products. They allow an attacker to cause a remote denial of service, a breach of data confidentiality and a security policy bypass.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Core Data Center versions 9.12.x earlier than 9.12.15 LTS
    Atlassian Jira Jira Service Management Data Center versions 5.17.x earlier than 5.17.4
    Atlassian Jira Jira Core Server versions 10.1.x earlier than 10.1.1
    Atlassian Confluence Confluence Server versions 8.5.x earlier than 8.5.17 LTS
    Atlassian Jira Jira Core Server versions 9.4.x earlier than 9.4.28 LTS
    Atlassian Jira Jira Core Server versions 9.17.x earlier than 9.17.4
    Atlassian Jira Jira Service Management Server versions 5.17.x earlier than 5.17.4
    Atlassian Jira Jira Service Management Data Center versions 10.1.x earlier than 10.1.1
    Atlassian Confluence Confluence Data Center versions 8.x earlier than 8.9.8
    Atlassian Jira Jira Core Data Center versions 9.17.x earlier than 9.17.4
    Atlassian Jira Jira Core Server versions 9.12.x earlier than 9.12.15 LTS
    Atlassian Jira Jira Service Management Server versions 10.1.x earlier than 10.1.1
    Atlassian Confluence Confluence Server versions 8.x earlier than 8.9.8
    Atlassian Jira Jira Service Management Server versions 5.12.x earlier than 5.12.15 LTS
    Atlassian Jira Jira Core Data Center versions 9.4.x earlier than 9.4.28 LTS
    Atlassian Jira Jira Service Management Server versions 5.4.x earlier than 5.4.28 LTS
    Atlassian Jira Jira Core Data Center versions 10.1.x earlier than 10.1.1
    Atlassian Confluence Confluence Data Center versions 8.5.x earlier than 8.5.17 LTS
    Atlassian Confluence Confluence Data Center versions 9.x earlier than 9.1.1
    Atlassian Jira Jira Service Management Data Center versions 5.12.x earlier than 5.12.15 LTS
    Atlassian Confluence Confluence Data Center versions 7.19.x earlier than 7.19.29 LTS
    Atlassian Confluence Confluence Server versions 7.19.x earlier than 7.19.29 LTS
    Atlassian Jira Jira Service Management Data Center versions 5.4.x earlier than 5.4.28 LTS


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Core Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Server versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 8.9.8",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Data Center versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 8.x ant\u00e9rieures \u00e0 8.9.8",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Core Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.1.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-4068",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
        },
        {
          "name": "CVE-2023-46234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
        },
        {
          "name": "CVE-2024-30172",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
        },
        {
          "name": "CVE-2024-45801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
        },
        {
          "name": "CVE-2023-52428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
        },
        {
          "name": "CVE-2024-24549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
        },
        {
          "name": "CVE-2022-38900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
        },
        {
          "name": "CVE-2024-38816",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
        }
      ],
      "initial_release_date": "2024-11-20T00:00:00",
      "last_revision_date": "2024-11-20T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-1006",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-11-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98022",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-98022"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98299",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-98299"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98481",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-98481"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98442",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-98442"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15626",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-15626"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15689",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-15689"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98484",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-98484"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JRASERVER-78199",
          "url": "https://jira.atlassian.com/browse/JRASERVER-78199"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98231",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-98231"
        },
        {
          "published_at": "2024-11-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98021",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-98021"
        }
      ]
    }

    CERTFR-2024-AVI-0703

    Vulnerability from certfr_avis - Published: 2024-08-21 - Updated: 2024-08-21

    Multiple vulnerabilities have been discovered in Atlassian products. They allow an attacker to cause a remote denial of service, cross-site scripting (XSS) and cross-site request forgery (CSRF).

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Confluence Confluence Data Center and Server versions 8.9.x earlier than 8.9.5
    Atlassian Confluence Confluence Data Center and Server versions 8.x earlier than 8.5.14
    Atlassian Confluence Confluence Data Center and Server versions earlier than 7.19.26
    Atlassian Jira Jira Software Data Center and Server versions 9.17.x earlier than 9.17.1
    Atlassian Jira Jira Software Data Center and Server versions 9.4.x earlier than 9.4.25
    Atlassian Confluence Confluence Data Center and Server versions 9.x earlier than 9.0.1
    Atlassian Jira Jira Software Data Center and Server versions 9.12.x earlier than 9.12.12
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Confluence Data Center et Server versions 8.9.x ant\u00e9rieures \u00e0 8.9.5",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 8.x ant\u00e9rieures \u00e0 8.5.14",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions ant\u00e9rieures \u00e0 7.19.26",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center et Server versions 9.17.x ant\u00e9rieures \u00e0 9.17.1",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.25",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center et Server versions 9.x ant\u00e9rieures \u00e0 9.0.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.12",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-21690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21690"
        },
        {
          "name": "CVE-2024-34750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
        }
      ],
      "initial_release_date": "2024-08-21T00:00:00",
      "last_revision_date": "2024-08-21T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0703",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-08-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2024-08-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-97720",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-97720"
        },
        {
          "published_at": "2024-08-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26047",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-26047"
        },
        {
          "published_at": "2024-08-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-97657",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-97657"
        }
      ]
    }

    CERTFR-2024-AVI-0590

    Vulnerability from certfr_avis - Published: 2024-07-17 - Updated: 2024-07-17

    Multiple vulnerabilities have been discovered in Atlassian products. They allow an attacker to cause a remote denial of service and remote cross-site scripting (XSS).

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Software Data Center versions prior to 9.12.0 LTS
    Atlassian Confluence Confluence Data Center versions prior to 7.19.25 LTS
    Atlassian Jira Jira Software Data Center versions prior to 9.4.18 LTS
    Atlassian Jira Jira Software Data Center versions prior to 9.8.0
    Atlassian Jira Jira Software Server versions prior to 9.8.0
    Atlassian Confluence Confluence Server versions prior to 8.5.12 LTS
    Atlassian Jira Jira Software Server versions prior to 9.4.18 LTS
    Atlassian Jira Jira Software Server versions prior to 9.12.0 LTS
    Atlassian Confluence Confluence Data Center versions prior to 8.5.12 LTS
    Atlassian Confluence Confluence Data Center versions prior to 8.9.4
    Atlassian Confluence Confluence Server versions prior to 7.19.25 LTS
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.0 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.25 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.18 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.8.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.8.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.12 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.18 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.0 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.12 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.9.4",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 7.19.25 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2022-41966",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
        },
        {
          "name": "CVE-2021-35516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
        },
        {
          "name": "CVE-2021-35517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
        },
        {
          "name": "CVE-2024-21686",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21686"
        },
        {
          "name": "CVE-2021-36090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
        },
        {
          "name": "CVE-2019-12402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12402"
        },
        {
          "name": "CVE-2021-35515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
        }
      ],
      "initial_release_date": "2024-07-17T00:00:00",
      "last_revision_date": "2024-07-17T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0590",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-07-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2024-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96100",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-96100"
        },
        {
          "published_at": "2024-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96103",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-96103"
        },
        {
          "published_at": "2024-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96099",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-96099"
        },
        {
          "published_at": "2024-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25951",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-25951"
        },
        {
          "published_at": "2024-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96101",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-96101"
        },
        {
          "published_at": "2024-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96102",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-96102"
        },
        {
          "published_at": "2024-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-96134",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-96134"
        }
      ]
    }

    CERTFR-2024-AVI-0432

    Vulnerability from certfr_avis - Published: 2024-05-22 - Updated: 2024-05-22

    Multiple vulnerabilities have been discovered in Atlassian products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Confluence Confluence Data Center versions prior to 8.9.1
    Atlassian Confluence Confluence Data Center versions prior to 7.19.22
    Atlassian Jira Jira Software Data Center versions prior to 9.8.0
    Atlassian Jira Jira Software Data Center versions prior to 9.11.3
    Atlassian Jira Jira Software Server versions prior to 9.12.7
    Atlassian Jira Jira Software Data Center versions prior to 9.12.0
    Atlassian Jira Jira Software Server versions prior to 9.15.2
    Atlassian Confluence Confluence Data Center versions prior to 8.5.9
    Atlassian Jira Jira Software Data Center versions prior to 9.7.2
    Atlassian Jira Jira Software Server versions prior to 9.4.20
    Atlassian Jira Jira Software Data Center versions prior to 9.15.2
    Atlassian Jira Jira Software Data Center versions prior to 9.4.20
    Atlassian Jira Jira Software Data Center versions prior to 9.12.7
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.9.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.22",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.8.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.11.3",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.7",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.15.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.9",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.7.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.20",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.15.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.20",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.7",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-1597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
        },
        {
          "name": "CVE-2023-45859",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45859"
        },
        {
          "name": "CVE-2022-25647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
        },
        {
          "name": "CVE-2022-41966",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
        },
        {
          "name": "CVE-2024-23672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
        },
        {
          "name": "CVE-2024-24549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
        },
        {
          "name": "CVE-2024-22257",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
        },
        {
          "name": "CVE-2024-21683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21683"
        }
      ],
      "initial_release_date": "2024-05-22T00:00:00",
      "last_revision_date": "2024-05-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0432",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-05-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": "2024-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25950",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-25950"
        },
        {
          "published_at": "2024-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25949",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-25949"
        },
        {
          "published_at": "2024-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95839",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-95839"
        },
        {
          "published_at": "2024-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25896",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-25896"
        },
        {
          "published_at": "2024-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95834",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-95834"
        },
        {
          "published_at": "2024-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95832",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
        },
        {
          "published_at": "2024-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25948",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-25948"
        },
        {
          "published_at": "2024-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25905",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-25905"
        }
      ]
    }

    CERTFR-2024-AVI-0312

    Vulnerability from certfr_avis - Published: 2024-04-17 - Updated: 2024-04-18

    Multiple vulnerabilities have been discovered in Atlassian products. They allow an attacker to cause a remote denial of service.

    Solution

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Jira Jira Software Data Center versions 9.12.x LTS prior to 9.12.7 LTS
    Atlassian Jira Jira Service Management Server versions prior to 5.4.19 LTS
    Atlassian Confluence Confluence Data Center versions 7.x LTS prior to 7.19.20 LTS
    Atlassian Jira Jira Service Management Data Center versions prior to 5.4.19 LTS
    Atlassian Confluence Confluence Data Center versions prior to 8.7.1
    Atlassian Jira Jira Software Data Center versions prior to 9.15.0
    Atlassian Jira Jira Service Management Data Center versions prior to 5.12.6
    Atlassian Confluence Confluence Server versions prior to 8.5.7 LTS
    Atlassian Confluence Confluence Server versions 7.x LTS prior to 7.19.20 LTS
    Atlassian Confluence Confluence Data Center versions 8.x LTS prior to 8.5.7 LTS
    Atlassian Jira Jira Software Server versions 9.1.x, 9.2.x, 9.3.x and 9.4.x prior to 9.4.18 LTS
    Atlassian Jira Jira Service Management Server versions prior to 5.12.6
    Atlassian Jira Jira Software Data Center versions 9.1.x, 9.2.x, 9.3.x and 9.4.x prior to 9.4.18 LTS
    Atlassian Jira Jira Software Server versions prior to 9.12.7 LTS


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Jira Software Data Center versions 9.12.x LTS ant\u00e9rieures \u00e0 9.12.7 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.4.19 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 7.x LTS ant\u00e9rieures 7.19.20 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.4.19 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.7.1",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.15.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.6",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.7 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 7.x LTS ant\u00e9rieures 7.19.20 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 8.x LTS ant\u00e9rieures \u00e0 8.5.7 LTS",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions 9.1.x, 9.2.x, 9.3.x et 9.4.x ant\u00e9rieures \u00e0 9.4.18 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.6",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Data Center versions 9.1.x, 9.2.x, 9.3.x et 9.4.x ant\u00e9rieures \u00e0 9.4.18 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.7 LTS",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-1370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
        },
        {
          "name": "CVE-2024-21634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
        },
        {
          "name": "CVE-2023-52428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
        }
      ],
      "initial_release_date": "2024-04-17T00:00:00",
      "last_revision_date": "2024-04-18T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0312",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-04-17T00:00:00.000000"
        },
        {
          "description": "Mise \u00e0 jour du r\u00e9sum\u00e9",
          "revision_date": "2024-04-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Atlassian\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15248 du 16 avril 2024",
          "url": "https://jira.atlassian.com/browse/JSDSERVER-15248"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25885 du 16 avril 2024",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-25885"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25892 du 16 avril 2024",
          "url": "https://jira.atlassian.com/browse/JSWSERVER-25892"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95099 du 16 avril 2024",
          "url": "https://jira.atlassian.com/browse/CONFSERVER-95099"
        }
      ]
    }

    CERTFR-2024-AVI-0040

    Vulnerability from certfr_avis - Published: 2024-01-16 - Updated: 2024-01-16

    Multiple vulnerabilities have been discovered in Atlassian Confluence and Jira. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

    Solution

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Atlassian Confluence Confluence Data Center LTS versions 8.5.x prior to version 8.5.5
    Atlassian Confluence Confluence Data Center versions 8.x prior to version 8.7.2
    Atlassian Jira Jira Service Management Data Center and Jira Service Management Server versions 4.20.x prior to version 4.20.30
    Atlassian Jira Jira Data Center and Jira Server versions 9.x prior to version 9.7.0
    Atlassian Confluence Confluence Data Center versions 7.x prior to version 7.19.18
    Atlassian Confluence Confluence Server versions 7.x prior to version 7.19.18
    Atlassian Confluence Confluence Server versions 8.5.x prior to version 8.5.5
    Atlassian Jira Jira Service Management Data Center and Jira Service Management Server versions 5.x prior to version 5.12.2
    Atlassian Jira Jira Service Management Data Center and Jira Service Management Server LTS versions 5.4.x prior to version 5.4.15
    Atlassian Jira Jira Data Center and Jira Server LTS versions 9.4.x prior to version 9.4.13
    References


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Confluence Data Center versions LTS 8.5.x ant\u00e9rieures \u00e0 la version 8.5.5",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 la version 8.7.2",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center et Jira Service Management Server versions 4.20.x ant\u00e9rieures \u00e0 la version 4.20.30",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Data Center et Jira Server versions 9.x ant\u00e9rieures \u00e0 la version 9.7.0",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Data Center versions 7.x ant\u00e9rieures \u00e0 la version 7.19.18",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 7.x ant\u00e9rieures \u00e0 la version 7.19.18",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 la version 8.5.5",
          "product": {
            "name": "Confluence",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center et Jira Service Management Server versions 5.x ant\u00e9rieures \u00e0 la version 5.12.2",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Service Management Data Center et Jira Service Management Server versions LTS 5.4.x ant\u00e9rieures \u00e0 la version 5.4.15",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        },
        {
          "description": "Jira Data Center et Jira Server versions LTS 9.4.x ant\u00e9rieures \u00e0 la version 9.4.13",
          "product": {
            "name": "Jira",
            "vendor": {
              "name": "Atlassian",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2024-21672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21672"
        },
        {
          "name": "CVE-2023-22527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22527"
        },
        {
          "name": "CVE-2022-42252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
        },
        {
          "name": "CVE-2023-3635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
        },
        {
          "name": "CVE-2022-44729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-44729"
        },
        {
          "name": "CVE-2020-25649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
        },
        {
          "name": "CVE-2023-22526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22526"
        },
        {
          "name": "CVE-2024-21673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21673"
        }
      ],
      "initial_release_date": "2024-01-16T00:00:00",
      "last_revision_date": "2024-01-16T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0040",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-01-16T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian\nConfluence et Jira. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Confluence et Jira",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian 1333335615 du 16 janvier 2024",
          "url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Atlassian 1333990257 du 16 janvier 2024",
          "url": "https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html"
        }
      ]
    }

    CVE-2021-43945 (GCVE-0-2021-43945)

    Vulnerability from nvd – Published: 2022-02-28 00:20 – Updated: 2024-10-04 18:12
    VLAI
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Stored Cross-Site Scripting (SXSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.20.3 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.20.3 (custom)
    Date Public
    2021-12-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73069"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43945",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T18:12:39.802413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T18:12:49.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.20.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.20.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross-Site Scripting (SXSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-28T00:20:09.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73069"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-12-31T00:00:00",
              "ID": "CVE-2021-43945",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross-Site Scripting (SXSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73069",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73069"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43945",
        "datePublished": "2022-02-28T00:20:09.118Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-04T18:12:49.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43953 (GCVE-0-2021-43953)

    Vulnerability from nvd – Published: 2022-02-15 02:40 – Updated: 2024-10-08 14:38
    VLAI
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.13.16 (custom)
    Affected: next of 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.5 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.13.16 (custom)
    Affected: next of 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.5 (custom)
    Date Public
    2022-01-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:16.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73170"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:38:34.132122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:38:59.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of 8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of 8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T01:45:17.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-01-06T00:00:00",
              "ID": "CVE-2021-43953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.16"
                              },
                              {
                                "version_affected": "\u003e",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.16"
                              },
                              {
                                "version_affected": "\u003e",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73170",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43953",
        "datePublished": "2022-02-15T02:40:10.288Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-08T14:38:59.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43947 (GCVE-0-2021-43947)

    Vulnerability from nvd – Published: 2022-01-06 01:05 – Updated: 2024-10-08 14:34
    VLAI
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution (RCE)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.13.15 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.3 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.13.15 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.3 (custom)
    atlassian jira_data_center Affected: 0 , < 8.13.15 (custom)
    Affected: 8.14.0 , < 8.20.3 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 0 , < 8.13.15 (custom)
    Affected: 8.14.0 , < 8.20.3 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    Date Public
    2022-01-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73067"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.3",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.3",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:28:34.740441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:34:08.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-01-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution (RCE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-06T01:05:09.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73067"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-01-05T00:00:00",
              "ID": "CVE-2021-43947",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.15"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.15"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution (RCE)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73067",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73067"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43947",
        "datePublished": "2022-01-06T01:05:10.045Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-08T14:34:08.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41312 (GCVE-0-2021-41312)

    Vulnerability from nvd – Published: 2021-11-03 03:50 – Updated: 2024-10-10 13:45
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication (CWE-287)
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.19.1 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.19.1 (custom)
    atlassian jira_server Affected: 0 , < 8.19.1 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 0 , < 8.19.1 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    Date Public
    2021-10-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:08:31.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-72801"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.19.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.19.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T13:44:04.544542Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T13:45:52.185Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.19.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.19.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication (CWE-287)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-03T03:50:33.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-72801"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-10-26T00:00:00",
              "ID": "CVE-2021-41312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.19.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.19.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authentication (CWE-287)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-72801",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-72801"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-41312",
        "datePublished": "2021-11-03T03:50:33.432Z",
        "dateReserved": "2021-09-16T00:00:00.000Z",
        "dateUpdated": "2024-10-10T13:45:52.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41308 (GCVE-0-2021-41308)

    Vulnerability from nvd – Published: 2021-10-26 04:15 – Updated: 2024-10-09 19:23
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization (CWE-285)
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.6.0 (custom)
    Affected: 8.7.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.12 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.1 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.6.0 (custom)
    Affected: 8.7.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.12 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.1 (custom)
    Date Public
    2021-10-25 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:08:31.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-72940"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41308",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:23:07.362491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:23:22.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization (CWE-285)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-26T04:15:22.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-72940"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-10-25T00:00:00",
              "ID": "CVE-2021-41308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.12"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.12"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authorization (CWE-285)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-72940",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-72940"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-41308",
        "datePublished": "2021-10-26T04:15:22.911Z",
        "dateReserved": "2021-09-16T00:00:00.000Z",
        "dateUpdated": "2024-10-09T19:23:22.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43945 (GCVE-0-2021-43945)

    Vulnerability from cvelistv5 – Published: 2022-02-28 00:20 – Updated: 2024-10-04 18:12
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Stored Cross-Site Scripting (SXSS)
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.20.3 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.20.3 (custom)
    Date Public
    2021-12-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73069"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43945",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T18:12:39.802413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T18:12:49.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.20.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.20.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross-Site Scripting (SXSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-28T00:20:09.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73069"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-12-31T00:00:00",
              "ID": "CVE-2021-43945",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross-Site Scripting (SXSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73069",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73069"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43945",
        "datePublished": "2022-02-28T00:20:09.118Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-04T18:12:49.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43953 (GCVE-0-2021-43953)

    Vulnerability from cvelistv5 – Published: 2022-02-15 02:40 – Updated: 2024-10-08 14:38
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-Site Request Forgery (CSRF)
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.13.16 (custom)
    Affected: next of 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.5 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.13.16 (custom)
    Affected: next of 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.5 (custom)
    Date Public
    2022-01-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:16.450Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73170"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:38:34.132122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:38:59.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of 8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of 8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T01:45:17.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-01-06T00:00:00",
              "ID": "CVE-2021-43953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.16"
                              },
                              {
                                "version_affected": "\u003e",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.16"
                              },
                              {
                                "version_affected": "\u003e",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73170",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43953",
        "datePublished": "2022-02-15T02:40:10.288Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-08T14:38:59.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43947 (GCVE-0-2021-43947)

    Vulnerability from cvelistv5 – Published: 2022-01-06 01:05 – Updated: 2024-10-08 14:34
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution (RCE)
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.13.15 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.3 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.13.15 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.3 (custom)
    atlassian jira_data_center Affected: 0 , < 8.13.15 (custom)
    Affected: 8.14.0 , < 8.20.3 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 0 , < 8.13.15 (custom)
    Affected: 8.14.0 , < 8.20.3 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    Date Public
    2022-01-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73067"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.3",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.3",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:28:34.740441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:34:08.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-01-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution (RCE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-06T01:05:09.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73067"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-01-05T00:00:00",
              "ID": "CVE-2021-43947",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.15"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.15"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution (RCE)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73067",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73067"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43947",
        "datePublished": "2022-01-06T01:05:10.045Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-08T14:34:08.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41312 (GCVE-0-2021-41312)

    Vulnerability from cvelistv5 – Published: 2021-11-03 03:50 – Updated: 2024-10-10 13:45
    Summary
    Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication (CWE-287)
    Impacted products
    Vendor Product Version
    Atlassian Jira Server Affected: unspecified , < 8.19.1 (custom)
    Atlassian Jira Data Center Affected: unspecified , < 8.19.1 (custom)
    atlassian jira_server Affected: 0 , < 8.19.1 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 0 , < 8.19.1 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    Date Public
    2021-10-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:08:31.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-72801"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.19.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.19.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T13:44:04.544542Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T13:45:52.185Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.19.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.19.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication (CWE-287)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-03T03:50:33.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-72801"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-10-26T00:00:00",
              "ID": "CVE-2021-41312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.19.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.19.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authentication (CWE-287)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-72801",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-72801"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-41312",
        "datePublished": "2021-11-03T03:50:33.432Z",
        "dateReserved": "2021-09-16T00:00:00.000Z",
        "dateUpdated": "2024-10-10T13:45:52.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }