Security Bulletin - December 12 2023

December 2023 Security Bulletin

The December 2023 Security Bulletin is part of Atlassian’s new monthly disclosure of non-critical vulnerabilities. Our goal is to support our customers in taking timely action to protect their instances with increased transparency and regular, proactive updates. Vulnerabilities are identified through Atlassian's ongoing security assessments, which include activities such as our Bug Bounty program, pen-testing processes, and third-party library scans. Read more about Atlassian's Security Bulletins here.

NOTE: The vulnerabilities included in monthly Security Bulletins present a lower impact than those published via Critical Security Advisories. Customers can expect to receive those high-priority patches outside of our monthly schedule as necessary.

You can continue to count on receiving Monthly Security Bulletins on the third Tuesday of the month, except for December, which we’ll publish on the second Tuesday. We’ve made the adjustment to accommodate the holiday season.

The vulnerabilities reported in this security bulletin include 7 high-severity vulnerabilities which have been fixed in new versions of our products, released in the last month. 

December 2023 Released Security Vulnerabilities

| Summary | Severity | CVSS Score | Affected Versions | CVE ID | More Details | Public Date |
|---|---|---|---|---|---|---|
| DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server | High | 7.5 | All versions including and after 4.20.0 | CVE-2022-28366 | JSDSERVER-14921 | December 12, 2023 |
| DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server | High | 7.5 | All versions including and after 4.20.0 | CVE-2022-29546 | JSDSERVER-14873 | December 12, 2023 |
| DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server | High | 7.5 | All versions including and after 4.20.0 | CVE-2022-24839 | JSDSERVER-14872 | December 12, 2023 |
| DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Vulnerability in Crowd Data Center and Server | High | 7.5 | All versions up to 5.0.7; From 5.1.x to 5.1.5; And 5.2.0 | CVE-2023-44487 | CWD-6184 | December 12, 2023 |
| DoS (Denial of Service) net.minidev:json-smart Vulnerability in Confluence Data Center and Server | High | 7.5 | All versions up to 7.19.16; From 8.0.x to 8.3.3; From 8.4.x to 8.4.5; From 8.5.x to 8.5.4; From 8.6.x to 8.6.2; And 8.7.0 | CVE-2021-31684 | CONFSERVER-93361 | December 12, 2023 |
| DoS (Denial of Service) okio in Bitbucket Data Center and Server | High | 7.5 | From 7.17.x to 7.21.17; From 8.7.x to 8.9.6; From 8.10.x to 8.11.5; From 8.12.x to 8.12.3; From 8.13.x to 8.13.2; From 8.14.x to 8.14.1 | CVE-2023-3635 | BSERV-19020 | December 12, 2023 |
| DoS (Denial of Service) json-java in Bamboo Data Center and Server | High | 7.5 | From 8.1.x to 9.2.6; From 9.3.x to 9.3.4 | CVE-2023-5072 | BAM-25498 | December 12, 2023 |


What you need to do

To fix all the vulnerabilities in this bulletin, Atlassian recommends patching your instances to the latest version. If you're unable to do so, patch to the minimum fix version in the table below.

| Product | Recommended Fix |
|---|---|
| Bamboo Data Center and Server | Patch to a minimum fix version of 9.2.7, 9.3.5 or latest |
| Jira Service Management Data Center and Server | Patch to a minimum fix version of 4.20.28, 5.4.12 or latest. Jira also needs to be upgraded to a fixed version. |
| Crowd Data Center and Server | Patch to a minimum fix version of 5.0.8, 5.1.6, 5.2.1 or latest |
| Confluence Data Center and Server | Patch to a minimum fix version of 7.19.17, 8.3.4, 8.4.5, 8.5.4, 8.6.2, 8.7.1 or latest |
| Bitbucket Data Center and Server | Patch to a minimum fix version of 7.21.18, 8.9.7, 8.11.6, 8.12.4, 8.13.3, 8.14.2 or latest |

To search for CVEs or check your product versions for disclosed vulnerabilities, use the Vulnerability Disclosure Portal.

Last updated: December 15, 2023
