---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Vulnerabilities in Atlassian Products'
number: '2024-040'
version: '1.0'
original_date: 'April 16, 2024'
date: 'April 17, 2024'
---

_History:_

* _17/04/2024 --- v1.0 -- Initial publication_

# Summary

On April 16, 2024, Atlassian released a security advisory addressing 7 high-severity vulnerabilities in Bamboo Data Center, Confluence Data Center, Jira Software Data Center, and Jira Service Management Data Center [1].

It is recommended to update as soon as possible, prioritising internet-facing instances.

# Technical Details

All the vulnerabilities, with CVSS scores ranging from 7.5 to 8.2, are caused by vulnerable dependencies used by Atlassian products. If exploited, these vulnerabilities could allow an attacker to expose assets in internal environments susceptible to exploitation, or to cause a denial-of-service condition [1].

# Affected Products

The list of affected products includes:

- **Bamboo Data Center** versions 9.6.0, 9.5.0 to 9.5.2, 9.4.0 to 9.4.3, 9.3.0 to 9.3.6, 9.2.0 to 9.2.12 (LTS), 9.1.0 to 9.1.3, 9.0.0 to 9.0.4, 8.2.0 to 8.2.9, and any earlier versions.
- **Confluence Data Center** versions 8.7.0, 8.6.0 to 8.6.2, 8.5.0 to 8.5.6 (LTS), 8.4.0 to 8.4.5, 8.3.0 to 8.3.4, 8.2.0 to 8.2.3, 8.1.0 to 8.1.4, 8.0.0 to 8.0.4, 7.20.0 to 7.20.3, 7.19.0 to 7.19.19 (LTS), 7.18.0 to 7.18.3, 7.17.0 to 7.17.5, and any earlier versions.
- **Jira Software Data Center** versions 9.14.0 to 9.14.1, 9.13.0 to 9.13.1, 9.12.0 to 9.12.5 LTS, 9.11.0 to 9.11.3, 9.10.0 to 9.10.2, 9.9.0 to 9.9.2, 9.8.0 to 9.8.2, 9.7.0 to 9.7.2, 9.6.0, 9.5.0 to 9.5.1, 9.4.0 to 9.4.17 LTS, 9.3.0 to 9.3.3, 9.2.0 to 9.2.1, 9.1.0 to 9.1.1, 9.0.0, and any earlier versions.
- **Jira Service Management Data Center** versions 5.12.0 to 5.12.5 (LTS), 5.11.0 to 5.11.3, 5.10.0 to 5.10.2, 5.9.0 to 5.9.2, 5.8.0 to 5.8.2, 5.7.0 to 5.7.2, 5.6.0 to 5.6.2, 5.5.0 to 5.5.1, 5.4.0 to 5.4.18 (LTS), and any earlier versions.

# Recommendations

CERT-EU strongly recommends installing the latest version of Atlassian products, prioritising internet-facing instances.

# References

[1]
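
To triage an inventory against the Affected Products list above, the following added example (not part of the CERT-EU advisory or of Atlassian's tooling) parses the advisory's range notation and compares versions numerically, so that 9.2.12 sorts after 9.2.9. The function names and the sample inventory are assumptions made for illustration.

```python
import re

# Ranges copied from the "Affected Products" list of this advisory.
AFFECTED = {
    "Bamboo Data Center": "9.6.0, 9.5.0 to 9.5.2, 9.4.0 to 9.4.3, 9.3.0 to 9.3.6, 9.2.0 to 9.2.12 (LTS), 9.1.0 to 9.1.3, 9.0.0 to 9.0.4, 8.2.0 to 8.2.9",
    "Confluence Data Center": "8.7.0, 8.6.0 to 8.6.2, 8.5.0 to 8.5.6 (LTS), 8.4.0 to 8.4.5, 8.3.0 to 8.3.4, 8.2.0 to 8.2.3, 8.1.0 to 8.1.4, 8.0.0 to 8.0.4, 7.20.0 to 7.20.3, 7.19.0 to 7.19.19 (LTS), 7.18.0 to 7.18.3, 7.17.0 to 7.17.5",
    "Jira Software Data Center": "9.14.0 to 9.14.1, 9.13.0 to 9.13.1, 9.12.0 to 9.12.5 LTS, 9.11.0 to 9.11.3, 9.10.0 to 9.10.2, 9.9.0 to 9.9.2, 9.8.0 to 9.8.2, 9.7.0 to 9.7.2, 9.6.0, 9.5.0 to 9.5.1, 9.4.0 to 9.4.17 LTS, 9.3.0 to 9.3.3, 9.2.0 to 9.2.1, 9.1.0 to 9.1.1, 9.0.0",
    "Jira Service Management Data Center": "5.12.0 to 5.12.5 (LTS), 5.11.0 to 5.11.3, 5.10.0 to 5.10.2, 5.9.0 to 5.9.2, 5.8.0 to 5.8.2, 5.7.0 to 5.7.2, 5.6.0 to 5.6.2, 5.5.0 to 5.5.1, 5.4.0 to 5.4.18 (LTS)",
}

def parse_version(text):
    """'9.2.12' -> (9, 2, 12), so that 9.2.12 sorts after 9.2.9."""
    text = text.strip()
    if not re.fullmatch(r"\d+\.\d+\.\d+", text):
        raise ValueError(f"expected MAJOR.MINOR.PATCH, got {text!r}")
    return tuple(int(part) for part in text.split("."))

def parse_ranges(spec):
    """Turn 'A to B, C, ...' into a sorted list of (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        item = re.sub(r"\(?LTS\)?", "", item)  # drop the LTS marker
        low, _, high = item.partition(" to ")
        low = parse_version(low)
        ranges.append((low, parse_version(high) if high.strip() else low))
    return sorted(ranges)

def is_listed_affected(product, installed):
    """True if `installed` is in a listed range or older than the oldest one."""
    ranges = parse_ranges(AFFECTED[product])
    version = parse_version(installed)
    if version < ranges[0][0]:  # "and any earlier versions"
        return True
    return any(low <= version <= high for low, high in ranges)

def triage(inventory):
    """Return the (host, product, version) rows that need an update."""
    return [row for row in inventory if is_listed_affected(row[1], row[2])]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("bamboo-ci", "Bamboo Data Center", "9.2.12"),
    ("wiki-ext", "Confluence Data Center", "7.19.20"),
    ("jira-int", "Jira Software Data Center", "8.20.30"),
    ("helpdesk", "Jira Service Management Data Center", "5.12.6"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"UPDATE {host}: {product} {version}")
```

A `False` result only means the version is not in the ranges listed in this advisory; confirm the fixed releases in the vendor advisory [1] before closing a ticket.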