Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
979 vulnerabilities by Atlassian
CERTFR-2026-AVI-0773
Vulnerability from certfr_avis - Published: 2026-06-18 - Updated: 2026-06-18
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Service Management Data Center et Server versions 11.3.x antérieures à 11.3.7 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.2.x antérieures à 10.2.13 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.3.x antérieures à 10.3.22 | ||
| Atlassian | Jira | Jira Service Management Data Center et Server versions 10.3.x antérieures à 10.3.22 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.2.x antérieures à 9.2.21 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.3.x antérieures à 10.3.22 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.3.x antérieures à 11.3.7 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 10.3.x antérieures à 10.3.22 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.3.x antérieures à 11.3.7 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.36 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 11.3.x antérieures à 11.3.7 | ||
| Atlassian | Jira | Jira Software Data Center versions 9.12.x antérieures à 9.12.36 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Service Management Data Center et Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.2.x ant\u00e9rieures \u00e0 10.2.13",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.21",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.36",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.36",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-43515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43515"
},
{
"name": "CVE-2026-42211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42211"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-42585",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42585"
},
{
"name": "CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"name": "CVE-2026-41284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41284"
},
{
"name": "CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"name": "CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"name": "CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"name": "CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"name": "CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2026-42038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
},
{
"name": "CVE-2026-42583",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
},
{
"name": "CVE-2026-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43513"
},
{
"name": "CVE-2026-29129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
},
{
"name": "CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"name": "CVE-2026-42342",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42342"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2026-42264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
},
{
"name": "CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"name": "CVE-2026-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
},
{
"name": "CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"name": "CVE-2026-42498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42498"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-34077",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34077"
},
{
"name": "CVE-2026-41293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41293"
}
],
"initial_release_date": "2026-06-18T00:00:00",
"last_revision_date": "2026-06-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0773",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26825",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26825"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16543",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16543"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16622",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16622"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16604",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16604"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26820",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26820"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26813",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26813"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16583",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16583"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16609",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16609"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16613",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16613"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104143",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104143"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104139",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104139"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16626",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16626"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16614",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16614"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26791",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26791"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104136",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104136"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26783",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26783"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103936",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103936"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26805",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26805"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26800",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26800"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26838",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26838"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16618",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16618"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26815",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26815"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26819",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26819"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104131",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104131"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104199",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104199"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103906",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103906"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26751",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26751"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16620",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16620"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16615",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16615"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16632",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16632"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16627",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16627"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103468",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103468"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26841",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26841"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26818",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26818"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26837",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26837"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104132",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104132"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16608",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16608"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26835",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26835"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104134",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104134"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16616",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16616"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16610",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16610"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16617",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16617"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26821",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26821"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26784",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26784"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16623",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16623"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104133",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104133"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26840",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26840"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104130",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104130"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16629",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16629"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26752",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26752"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26827",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26827"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16606",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16606"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16628",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16628"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26816",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26816"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104135",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104135"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26811",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26811"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26826",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26826"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16541",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16541"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104138",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104138"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26822",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26822"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16607",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16607"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16631",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16631"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16625",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16625"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104171",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104171"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16621",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16621"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16584",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16584"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26814",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26814"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16611",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16611"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26836",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26836"
}
]
}
CERTFR-2026-AVI-0621
Vulnerability from certfr_avis - Published: 2026-05-20 - Updated: 2026-05-20
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.3.20 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 11.3.5 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 10.2.11 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.20 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 11.3.5 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.20 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.35 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.20 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 11.3.5 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.20",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.2.11",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.20",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.20",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.35",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.20",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.3.5",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"name": "CVE-2026-29146",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29146"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2026-29062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29062"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-29129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
},
{
"name": "CVE-2026-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
},
{
"name": "CVE-2026-24880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24880"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
}
],
"initial_release_date": "2026-05-20T00:00:00",
"last_revision_date": "2026-05-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0621",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103710",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103710"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16574",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16574"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26786",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26786"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16576",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16576"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103709",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103709"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103708",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103708"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16588",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16588"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26781",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26781"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16571",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16571"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16573",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16573"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103633",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103633"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26778",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26778"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26780",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26780"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26788",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26788"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103713",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103713"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16587",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16587"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26793",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26793"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26785",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26785"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16577",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16577"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103712",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103712"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26787",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26787"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16578",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16578"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103707",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103707"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103647",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103647"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26782",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26782"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16575",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16575"
}
]
}
CERTFR-2026-AVI-0479
Vulnerability from certfr_avis - Published: 2026-04-22 - Updated: 2026-04-22
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions 10.x antérieures à 10.2.10 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.x antérieures à 11.3.4 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.33 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.19 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.x antérieures à 10.3.19 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.34 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.19 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.13 | ||
| Atlassian | Jira | Jira Software Server versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.x antérieures à 11.3.4 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.2.10",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.x ant\u00e9rieures \u00e0 11.3.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.33",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.19",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.19",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.34",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.19",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.13",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.x ant\u00e9rieures \u00e0 11.3.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2023-48631",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48631"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2021-31597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31597"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2025-66020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66020"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2026-04-22T00:00:00",
"last_revision_date": "2026-04-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0479",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26754",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26754"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16542",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16542"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26657",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26657"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16551",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16551"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26764",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26764"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103476",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103476"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103467",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103467"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103471",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103471"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103469",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103469"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103475",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103475"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16544",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16544"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103470",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103470"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103472",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103472"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103612",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103612"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103539",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103539"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103474",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103474"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26666",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26666"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16557",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16557"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103517",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103517"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16550",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16550"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16540",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16540"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26765",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26765"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26763",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26763"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26760",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26760"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16552",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16552"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16556",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16556"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102567",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102567"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103473",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103473"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103516",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103516"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103518",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103518"
}
]
}
CERTFR-2026-AVI-0314
Vulnerability from certfr_avis - Published: 2026-03-18 - Updated: 2026-03-18
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Server versions antérieures à 10.3.17 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 11.3.2 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 10.2.7 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 11.3.3 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.0.2 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 11.3.3 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.0.2 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.3.18 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.2.15 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 11.3.3 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.15 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 10.2.7 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.17 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.18 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.17",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 11.3.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.2.7",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.3.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.3.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.18",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.15",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.3.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.15",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 10.2.7",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.17",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.18",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2022-25927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2026-03-18T00:00:00",
"last_revision_date": "2026-03-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0314",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16515",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16515"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16527",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16527"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26730",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26730"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16530",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16530"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26714",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26714"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26736",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26736"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26716",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26716"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102542",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102542"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16529",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16529"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16510",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16510"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26732",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26732"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16528",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16528"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26733",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26733"
}
]
}
CERTFR-2026-AVI-0182
Vulnerability from certfr_avis - Published: 2026-02-18 - Updated: 2026-02-18
De multiples vulnérabilités ont été découvertes dans Atlassian Confluence. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Server versions 9.4.x antérieures à 9.4.0 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.4.x antérieures à 9.4.0 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.5.x antérieures à 9.5.3 | ||
| Atlassian | Confluence | Confluence Server versions 10.1.x antérieures à 10.1.0 | ||
| Atlassian | Confluence | Confluence Server versions 10.0.x antérieures à 10.0.2 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.0.x antérieures à 10.0.2 | ||
| Atlassian | Confluence | Confluence Server versions 9.2.x antérieures à 9.2.7 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.10 | ||
| Atlassian | Confluence | Confluence Server versions 9.5.x antérieures à 9.5.3 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.1.x antérieures à 10.1.0 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.2.x antérieures à 10.2.6 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.10 | ||
| Atlassian | Confluence | Confluence Server versions 10.2.x antérieures à 10.2.6 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.2.x antérieures à 9.2.15 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.3.x antérieures à 9.3.1 | ||
| Atlassian | Confluence | Confluence Server versions 9.3.x antérieures à 9.3.1 |
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.10",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.3",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.2.x ant\u00e9rieures \u00e0 10.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.10",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.15",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2022-25927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
}
],
"initial_release_date": "2026-02-18T00:00:00",
"last_revision_date": "2026-02-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0182",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian Confluence. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Confluence",
"vendor_advisories": [
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102185",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102185"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101930",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101930"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102184",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102184"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102186",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102186"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102193",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102193"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102132",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102132"
}
]
}
CERTFR-2026-AVI-0065
Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Server versions 11.3.x antérieures à 11.3.0 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.31 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.29 | ||
| Atlassian | Jira | Jira Service Management Server versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.2.x antérieures à 11.2.1 | ||
| Atlassian | Jira | Jira Software Server versions 11.2.x antérieures à 11.2.1 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Service Management Server versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Service Management Server versions 11.3.x antérieures à 11.3.0 | ||
| Atlassian | Confluence | Confluence Server versions 9.x antérieures à 9.2.13 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.x antérieures à 10.2.2 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.26 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.3.x antérieures à 11.3.1 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.31 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.x antérieures à 9.2.13 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Software Server versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.29 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.3.x antérieures à 11.3.0 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.31",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.29",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.2.13",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.31",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.13",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.29",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-53689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53689"
}
],
"initial_release_date": "2026-01-21T00:00:00",
"last_revision_date": "2026-01-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0065",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26667",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26667"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16497",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16497"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16496",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16496"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101827",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101827"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26665",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26665"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16485",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16485"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26661",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26661"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16491",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16491"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101878",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101878"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16501",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16501"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26663",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26663"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16503",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16503"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26662",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26662"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16459",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16459"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26654",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26654"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26656",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26656"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101872",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101872"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16502",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16502"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101842",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101842"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16499",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16499"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16465",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16465"
}
]
}
CERTFR-2025-AVI-1100
Vulnerability from certfr_avis - Published: 2025-12-12 - Updated: 2025-12-12
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.30 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 10.3.x antérieures à 10.3.15 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.5.x antérieures à 9.5.2 | ||
| Atlassian | Jira | Jira Service Management Data Center et Server versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.0.x antérieures à 10.0.2 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.5.x antérieures à 8.5.30 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.1.x antérieures à 10.1.0 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.2.x antérieures à 9.2.12 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.3.x antérieures à 9.3.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.4.x antérieures à 9.4.0 | ||
| Atlassian | Jira | Jira Service Management Data Center et Server versions 10.3.x antérieures à 10.3.15 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.2.x antérieures à 10.2.1 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.30",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.30",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-39227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39227"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2016-1181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1181"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2016-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1182"
}
],
"initial_release_date": "2025-12-12T00:00:00",
"last_revision_date": "2025-12-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1100",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16469",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16469"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26599",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26599"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101574",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101574"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26636",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26636"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26600",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26600"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16461",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16461"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16478",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16478"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26614",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26614"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16458",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16458"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26630",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26630"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26627",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26627"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26634",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26634"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16466",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16466"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101788",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101788"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101478",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101478"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101573",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101573"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16477",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16477"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26635",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26635"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16470",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16470"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26629",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26629"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16479",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16479"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26625",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26625"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26626",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26626"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101575",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101575"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16462",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16462"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101489",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101489"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26619",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26619"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16456",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16456"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26615",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26615"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26628",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26628"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16480",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16480"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26620",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26620"
}
]
}
CERTFR-2025-AVI-1025
Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une falsification de requêtes côté serveur (SSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.7.3 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.5.4 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.2.6 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.26 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 11.2.0 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.6 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 10.0.2 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 10.1.1 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.3.1 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.20 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.4.0 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 10.0.2 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.5.4 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.20 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.4.0 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.10 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.3.1 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.5.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.20",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.5.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.20",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
}
],
"initial_release_date": "2025-11-19T00:00:00",
"last_revision_date": "2025-11-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1025",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101488",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101488"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16435",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16435"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26537",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26537"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101480",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101480"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101486",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101486"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101487",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101487"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101485",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101485"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101479",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101479"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101477",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101477"
}
]
}
CVE-2026-21571 (GCVE-0-2026-21571)
Vulnerability from nvd – Published: 2026-04-21 17:00 – Updated: 2026-04-23 03:56- OS Command Injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Bamboo Data Center |
Affected:
12.1.0 to 12.1.3
Affected: 12.0.0 to 12.0.2 Affected: 11.0.0 to 11.0.8 Affected: 10.2.0 to 10.2.16 Affected: 10.1.0 to 10.1.1 Affected: 10.0.0 to 10.0.3 Affected: 9.6.2 to 9.6.24 Unaffected: 12.1.6 Unaffected: 10.2.18 Unaffected: 9.6.25 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T03:56:05.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Bamboo Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "12.1.0 to 12.1.3"
},
{
"status": "affected",
"version": "12.0.0 to 12.0.2"
},
{
"status": "affected",
"version": "11.0.0 to 11.0.8"
},
{
"status": "affected",
"version": "10.2.0 to 10.2.16"
},
{
"status": "affected",
"version": "10.1.0 to 10.1.1"
},
{
"status": "affected",
"version": "10.0.0 to 10.0.3"
},
{
"status": "affected",
"version": "9.6.2 to 9.6.24"
},
{
"status": "unaffected",
"version": "12.1.6"
},
{
"status": "unaffected",
"version": "10.2.18"
},
{
"status": "unaffected",
"version": "9.6.25"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:data_center:*:*:*",
"versionEndIncluding": "9.6.24",
"versionStartIncluding": "9.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.6:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.7:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.8:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.9:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.10:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.11:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.12:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.13:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.14:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.15:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.16:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.17:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.18:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.19:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.20:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.21:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.22:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.23:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.24:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.25:*:*:*:data_center:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0,\r\n11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.\r\n\u00a0\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of\r\nCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H allows an authenticated attacker to execute commands\r\non the remote system, which has high impact to confidentiality, high impact to integrity, high impact to availability,\r\nand requires no user interaction.\r\n\u00a0\r\nAtlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade\r\nyour instance to one of the specified supported fixed versions:\r\n Bamboo Data Center 9.6.0: Upgrade to a release greater than or equal to 9.6.25\r\n Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.18\u00a0\r\n Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.6\r\n\r\nSee the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives])."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "OS Command Injection"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T17:00:05.524Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1770913890"
},
{
"url": "https://jira.atlassian.com/browse/BAM-26364"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2026-21571",
"datePublished": "2026-04-21T17:00:05.524Z",
"dateReserved": "2026-01-01T00:00:40.720Z",
"dateUpdated": "2026-04-23T03:56:05.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21570 (GCVE-0-2026-21570)
Vulnerability from nvd – Published: 2026-03-17 18:00 – Updated: 2026-03-17 18:21- RCE (Remote Code Execution)
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Bamboo Data Center |
Affected:
12.1.0 to 12.1.2
Affected: 12.0.0 to 12.0.2 Affected: 11.0.0 to 11.0.8 Affected: 10.2.0 to 10.2.15 Affected: 10.1.0 to 10.1.1 Affected: 10.0.0 to 10.0.3 Affected: 9.6.1 to 9.6.23 Unaffected: 12.1.3 Unaffected: 10.2.16 Unaffected: 9.6.24 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T18:21:29.754925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T18:21:46.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Bamboo Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "12.1.0 to 12.1.2"
},
{
"status": "affected",
"version": "12.0.0 to 12.0.2"
},
{
"status": "affected",
"version": "11.0.0 to 11.0.8"
},
{
"status": "affected",
"version": "10.2.0 to 10.2.15"
},
{
"status": "affected",
"version": "10.1.0 to 10.1.1"
},
{
"status": "affected",
"version": "10.0.0 to 10.0.3"
},
{
"status": "affected",
"version": "9.6.1 to 9.6.23"
},
{
"status": "unaffected",
"version": "12.1.3"
},
{
"status": "unaffected",
"version": "10.2.16"
},
{
"status": "unaffected",
"version": "9.6.24"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:data_center:*:*:*",
"versionEndIncluding": "9.6.23",
"versionStartIncluding": "9.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.6:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.7:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.8:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.9:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.10:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.11:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.12:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.13:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.14:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.15:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.16:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.17:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.18:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.19:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.20:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.21:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.22:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.23:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.24:*:*:*:data_center:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This High severity RCE (Remote Code Execution)\u00a0 vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.\r\n\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system.\r\n\r\nAtlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n Bamboo Data Center 9.6: Upgrade to a release greater than or equal to 9.6.24\r\n\r\n Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.16\r\n\r\n Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.3\r\n\r\nSee the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives]).\r\n\r\nThis vulnerability was reported via our Atlassian (Internal) program."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE (Remote Code Execution)",
"lang": "en",
"type": "RCE (Remote Code Execution)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T18:00:00.907Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1721271371"
},
{
"url": "https://jira.atlassian.com/browse/BAM-26342"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2026-21570",
"datePublished": "2026-03-17T18:00:00.907Z",
"dateReserved": "2026-01-01T00:00:40.720Z",
"dateUpdated": "2026-03-17T18:21:46.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21569 (GCVE-0-2026-21569)
Vulnerability from nvd – Published: 2026-01-28 00:30 – Updated: 2026-01-28 14:49- XXE (XML External Entity Injection)
- CWE-611 - Improper Restriction of XML External Entity Reference
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Crowd Data Center |
Affected:
7.1.0 to 7.1.2
Unaffected: 7.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T14:49:16.812896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T14:49:56.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Crowd Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "7.1.0 to 7.1.2"
},
{
"status": "unaffected",
"version": "7.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. \n\t\n\tThis XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high impact to confidentiality, low impact to integrity, high impact to availability, and requires no user interaction. \n\t\n\tAtlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\t\t\n\t\t* Crowd Data Center and Server 7.1: Upgrade to a release greater than or equal to 7.1.3\n\t\t\n\t\t\n\t\n\tSee the release notes (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). You can download the latest version of Crowd Data Center and Server from the download center (https://www.atlassian.com/software/crowd/download-archive). \n\t\n\tThis vulnerability was reported via our Atlassian (Internal) program."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE (XML External Entity Injection)",
"lang": "en",
"type": "XXE (XML External Entity Injection)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T00:30:00.557Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1712324819"
},
{
"url": "https://jira.atlassian.com/browse/CWD-6453"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2026-21569",
"datePublished": "2026-01-28T00:30:00.557Z",
"dateReserved": "2026-01-01T00:00:40.720Z",
"dateUpdated": "2026-01-28T14:49:56.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22178 (GCVE-0-2025-22178)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-22 17:21- Improper Authorization
- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T17:21:18.410947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T17:21:57.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the \"Why\" page."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.731Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8647"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22178",
"datePublished": "2025-10-22T16:30:04.731Z",
"dateReserved": "2025-01-01T00:01:27.178Z",
"dateUpdated": "2025-10-22T17:21:57.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22177 (GCVE-0-2025-22177)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-22 18:48- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T18:48:37.219728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T18:48:41.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view other team overviews."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:00.632Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8646"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22177",
"datePublished": "2025-10-22T16:30:00.632Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-22T18:48:41.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22176 (GCVE-0-2025-22176)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-23 17:40- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T17:40:44.569011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T17:40:48.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view audit log items."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:02.956Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8645"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22176",
"datePublished": "2025-10-22T16:30:02.956Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-23T17:40:48.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22175 (GCVE-0-2025-22175)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-27 16:09- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T18:08:17.435004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T16:09:06.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user\u0027s private checklist."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:00.592Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8644"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22175",
"datePublished": "2025-10-22T16:30:00.592Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-27T16:09:06.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22174 (GCVE-0-2025-22174)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-22 19:39- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T19:39:21.470781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T19:39:25.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.050Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22174",
"datePublished": "2025-10-22T16:30:04.050Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-22T19:39:25.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22173 (GCVE-0-2025-22173)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-22 19:12- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T19:12:13.342584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T19:12:18.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.376Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8642"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22173",
"datePublished": "2025-10-22T16:30:04.376Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-22T19:12:18.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22172 (GCVE-0-2025-22172)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-23 17:32- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T17:32:37.765130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T17:32:42.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:03.984Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8641"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22172",
"datePublished": "2025-10-22T16:30:03.984Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-23T17:32:42.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22171 (GCVE-0-2025-22171)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-23 18:11- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T18:11:49.143375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:11:55.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:01.353Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8640"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22171",
"datePublished": "2025-10-22T16:30:01.353Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-23T18:11:55.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22170 (GCVE-0-2025-22170)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-22 19:16- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T19:16:03.345408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T19:16:07.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.355Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8639"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22170",
"datePublished": "2025-10-22T16:30:04.355Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-22T19:16:07.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22169 (GCVE-0-2025-22169)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-22 17:24- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T17:23:53.628155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T17:24:43.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.452Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8638"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22169",
"datePublished": "2025-10-22T16:30:04.452Z",
"dateReserved": "2025-01-01T00:01:27.176Z",
"dateUpdated": "2025-10-22T17:24:43.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22168 (GCVE-0-2025-22168)
Vulnerability from nvd – Published: 2025-10-22 16:30 – Updated: 2025-10-24 14:45- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T14:45:17.604258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T14:45:20.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user\u0027s private checklist."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:00.663Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8637"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22168",
"datePublished": "2025-10-22T16:30:00.663Z",
"dateReserved": "2025-01-01T00:01:27.176Z",
"dateUpdated": "2025-10-24T14:45:20.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-21571 (GCVE-0-2026-21571)
Vulnerability from cvelistv5 – Published: 2026-04-21 17:00 – Updated: 2026-04-23 03:56- OS Command Injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Bamboo Data Center |
Affected:
12.1.0 to 12.1.3
Affected: 12.0.0 to 12.0.2 Affected: 11.0.0 to 11.0.8 Affected: 10.2.0 to 10.2.16 Affected: 10.1.0 to 10.1.1 Affected: 10.0.0 to 10.0.3 Affected: 9.6.2 to 9.6.24 Unaffected: 12.1.6 Unaffected: 10.2.18 Unaffected: 9.6.25 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T03:56:05.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Bamboo Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "12.1.0 to 12.1.3"
},
{
"status": "affected",
"version": "12.0.0 to 12.0.2"
},
{
"status": "affected",
"version": "11.0.0 to 11.0.8"
},
{
"status": "affected",
"version": "10.2.0 to 10.2.16"
},
{
"status": "affected",
"version": "10.1.0 to 10.1.1"
},
{
"status": "affected",
"version": "10.0.0 to 10.0.3"
},
{
"status": "affected",
"version": "9.6.2 to 9.6.24"
},
{
"status": "unaffected",
"version": "12.1.6"
},
{
"status": "unaffected",
"version": "10.2.18"
},
{
"status": "unaffected",
"version": "9.6.25"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:data_center:*:*:*",
"versionEndIncluding": "9.6.24",
"versionStartIncluding": "9.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.6:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.7:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.8:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.9:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.10:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.11:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.12:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.13:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.14:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.15:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.16:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.17:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.18:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.19:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.20:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.21:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.22:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.23:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.24:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.25:*:*:*:data_center:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0,\r\n11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.\r\n\u00a0\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of\r\nCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H allows an authenticated attacker to execute commands\r\non the remote system, which has high impact to confidentiality, high impact to integrity, high impact to availability,\r\nand requires no user interaction.\r\n\u00a0\r\nAtlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade\r\nyour instance to one of the specified supported fixed versions:\r\n Bamboo Data Center 9.6.0: Upgrade to a release greater than or equal to 9.6.25\r\n Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.18\u00a0\r\n Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.6\r\n\r\nSee the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives])."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "OS Command Injection"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T17:00:05.524Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1770913890"
},
{
"url": "https://jira.atlassian.com/browse/BAM-26364"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2026-21571",
"datePublished": "2026-04-21T17:00:05.524Z",
"dateReserved": "2026-01-01T00:00:40.720Z",
"dateUpdated": "2026-04-23T03:56:05.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21570 (GCVE-0-2026-21570)
Vulnerability from cvelistv5 – Published: 2026-03-17 18:00 – Updated: 2026-03-17 18:21- RCE (Remote Code Execution)
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Bamboo Data Center |
Affected:
12.1.0 to 12.1.2
Affected: 12.0.0 to 12.0.2 Affected: 11.0.0 to 11.0.8 Affected: 10.2.0 to 10.2.15 Affected: 10.1.0 to 10.1.1 Affected: 10.0.0 to 10.0.3 Affected: 9.6.1 to 9.6.23 Unaffected: 12.1.3 Unaffected: 10.2.16 Unaffected: 9.6.24 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T18:21:29.754925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T18:21:46.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Bamboo Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "12.1.0 to 12.1.2"
},
{
"status": "affected",
"version": "12.0.0 to 12.0.2"
},
{
"status": "affected",
"version": "11.0.0 to 11.0.8"
},
{
"status": "affected",
"version": "10.2.0 to 10.2.15"
},
{
"status": "affected",
"version": "10.1.0 to 10.1.1"
},
{
"status": "affected",
"version": "10.0.0 to 10.0.3"
},
{
"status": "affected",
"version": "9.6.1 to 9.6.23"
},
{
"status": "unaffected",
"version": "12.1.3"
},
{
"status": "unaffected",
"version": "10.2.16"
},
{
"status": "unaffected",
"version": "9.6.24"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:data_center:*:*:*",
"versionEndIncluding": "9.6.23",
"versionStartIncluding": "9.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.6:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.7:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.8:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.9:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.10:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.11:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.12:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.13:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.14:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.15:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.16:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.17:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.18:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.19:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.20:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.21:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.22:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.23:*:*:*:data_center:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:9.6.24:*:*:*:data_center:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This High severity RCE (Remote Code Execution)\u00a0 vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.\r\n\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system.\r\n\r\nAtlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n Bamboo Data Center 9.6: Upgrade to a release greater than or equal to 9.6.24\r\n\r\n Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.16\r\n\r\n Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.3\r\n\r\nSee the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives]).\r\n\r\nThis vulnerability was reported via our Atlassian (Internal) program."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE (Remote Code Execution)",
"lang": "en",
"type": "RCE (Remote Code Execution)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T18:00:00.907Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1721271371"
},
{
"url": "https://jira.atlassian.com/browse/BAM-26342"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2026-21570",
"datePublished": "2026-03-17T18:00:00.907Z",
"dateReserved": "2026-01-01T00:00:40.720Z",
"dateUpdated": "2026-03-17T18:21:46.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21569 (GCVE-0-2026-21569)
Vulnerability from cvelistv5 – Published: 2026-01-28 00:30 – Updated: 2026-01-28 14:49- XXE (XML External Entity Injection)
- CWE-611 - Improper Restriction of XML External Entity Reference
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Crowd Data Center |
Affected:
7.1.0 to 7.1.2
Unaffected: 7.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T14:49:16.812896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T14:49:56.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Crowd Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "7.1.0 to 7.1.2"
},
{
"status": "unaffected",
"version": "7.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. \n\t\n\tThis XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high impact to confidentiality, low impact to integrity, high impact to availability, and requires no user interaction. \n\t\n\tAtlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\t\t\n\t\t* Crowd Data Center and Server 7.1: Upgrade to a release greater than or equal to 7.1.3\n\t\t\n\t\t\n\t\n\tSee the release notes (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). You can download the latest version of Crowd Data Center and Server from the download center (https://www.atlassian.com/software/crowd/download-archive). \n\t\n\tThis vulnerability was reported via our Atlassian (Internal) program."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE (XML External Entity Injection)",
"lang": "en",
"type": "XXE (XML External Entity Injection)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T00:30:00.557Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1712324819"
},
{
"url": "https://jira.atlassian.com/browse/CWD-6453"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2026-21569",
"datePublished": "2026-01-28T00:30:00.557Z",
"dateReserved": "2026-01-01T00:00:40.720Z",
"dateUpdated": "2026-01-28T14:49:56.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22178 (GCVE-0-2025-22178)
Vulnerability from cvelistv5 – Published: 2025-10-22 16:30 – Updated: 2025-10-22 17:21- Improper Authorization
- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T17:21:18.410947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T17:21:57.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the \"Why\" page."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.731Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8647"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22178",
"datePublished": "2025-10-22T16:30:04.731Z",
"dateReserved": "2025-01-01T00:01:27.178Z",
"dateUpdated": "2025-10-22T17:21:57.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22169 (GCVE-0-2025-22169)
Vulnerability from cvelistv5 – Published: 2025-10-22 16:30 – Updated: 2025-10-22 17:24- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T17:23:53.628155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T17:24:43.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.452Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8638"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22169",
"datePublished": "2025-10-22T16:30:04.452Z",
"dateReserved": "2025-01-01T00:01:27.176Z",
"dateUpdated": "2025-10-22T17:24:43.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22173 (GCVE-0-2025-22173)
Vulnerability from cvelistv5 – Published: 2025-10-22 16:30 – Updated: 2025-10-22 19:12- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T19:12:13.342584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T19:12:18.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.376Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8642"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22173",
"datePublished": "2025-10-22T16:30:04.376Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-22T19:12:18.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22170 (GCVE-0-2025-22170)
Vulnerability from cvelistv5 – Published: 2025-10-22 16:30 – Updated: 2025-10-22 19:16- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T19:16:03.345408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T19:16:07.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.355Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8639"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22170",
"datePublished": "2025-10-22T16:30:04.355Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-22T19:16:07.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22174 (GCVE-0-2025-22174)
Vulnerability from cvelistv5 – Published: 2025-10-22 16:30 – Updated: 2025-10-22 19:39- Improper Authorization
- CWE-285 - Improper Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Jira Align |
Unaffected:
< 11.14.0
Affected: >= 11.14.0 Affected: >= 11.14.1 Affected: >= 11.15.0 Affected: >= 11.15.1 Affected: >= 11.16.0 Unaffected: >= 11.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T19:39:21.470781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T19:39:25.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Align",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.0"
},
{
"status": "affected",
"version": "\u003e= 11.14.1"
},
{
"status": "affected",
"version": "\u003e= 11.15.0"
},
{
"status": "affected",
"version": "\u003e= 11.15.1"
},
{
"status": "affected",
"version": "\u003e= 11.16.0"
},
{
"status": "unaffected",
"version": "\u003e= 11.16.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"descriptions": [
{
"lang": "en",
"value": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "Improper Authorization"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:30:04.050Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://jira.atlassian.com/browse/JIRAALIGN-8643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2025-22174",
"datePublished": "2025-10-22T16:30:04.050Z",
"dateReserved": "2025-01-01T00:01:27.177Z",
"dateUpdated": "2025-10-22T19:39:25.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}