- 316/2024
- High
Atlassian has released security updates to fix several vulnerabilities across multiple Atlassian products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. SourceTree Remote Code Execution Vulnerability (CVE-2024-21697):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Jira Service Management Data Center and Server DOMPurify Dependency Cross Site Scripting Vulnerability (CVE-2024-45801):
- CVSS: 8.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Cross-Site Scripting
The affected products:
- Atlassian Bamboo Data Center and Server.
- Atlassian Bitbucket Data Center and Server.
- Atlassian Confluence Data Center and Server.
- Atlassian Crowd Data Center and Server.
- Atlassian Jira Data Center and Server.
- Atlassian Jira Service Management Data Center and Server.
- Atlassian SourceTree for Windows and Mac.
Vulnerabilities
- CVE-2024-47561
- CVE-2024-30172
- CVE-2024-24549
- CVE-2024-4068
- CVE-2023-52428
- CVE-2022-38900
- CVE-2023-46234
- CVE-2024-38816
- CVE-2024-38286
- CVE-2024-34750
- CVE-2024-45801
- CVE-2024-21697
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.