Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-31597 (GCVE-0-2021-31597)
Vulnerability from cvelistv5 – Published: 2021-04-22 23:52 – Updated: 2024-08-03 23:03
VLAI
EPSS
Summary
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
Severity
9.4 (Critical)
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://people.kingsds.network/wesgarland/xmlhttp… | x_refsource_MISC |
| https://github.com/mjwwit/node-XMLHttpRequest/com… | x_refsource_MISC |
| https://github.com/mjwwit/node-XMLHttpRequest/com… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021061… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210618-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T09:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210618-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt",
"refsource": "MISC",
"url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"
},
{
"name": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1",
"refsource": "MISC",
"url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"
},
{
"name": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2",
"refsource": "MISC",
"url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210618-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210618-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31597",
"datePublished": "2021-04-22T23:52:48.000Z",
"dateReserved": "2021-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:03:33.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-31597",
"date": "2026-06-17",
"epss": "0.02056",
"percentile": "0.78788"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xmlhttprequest-ssl_project:xmlhttprequest-ssl:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"1.6.1\", \"matchCriteriaId\": \"FBCD5604-E3C3-47BE-B429-6AAB717E7DB8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.\"}, {\"lang\": \"es\", \"value\": \"El paquete xmlhttprequest-ssl versiones anteriores a 1.6.1 para Node.js deshabilita la comprobaci\\u00f3n del certificado SSL por defecto, porque acceptUnauthorized (cuando la propiedad existe pero no est\\u00e1 definida) se considera falso dentro de la funci\\u00f3n https.request de Node.js.\u0026#xa0;En otras palabras, nunca se rechaza ning\\u00fan certificado\"}]",
"id": "CVE-2021-31597",
"lastModified": "2024-11-21T06:05:57.877",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\", \"baseScore\": 9.4, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-04-23T00:15:08.283",
"references": "[{\"url\": \"https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210618-0004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210618-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31597\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-04-23T00:15:08.283\",\"lastModified\":\"2024-11-21T06:05:57.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.\"},{\"lang\":\"es\",\"value\":\"El paquete xmlhttprequest-ssl versiones anteriores a 1.6.1 para Node.js deshabilita la comprobaci\u00f3n del certificado SSL por defecto, porque acceptUnauthorized (cuando la propiedad existe pero no est\u00e1 definida) se considera falso dentro de la funci\u00f3n https.request de Node.js.\u0026#xa0;En otras palabras, nunca se rechaza ning\u00fan certificado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":5.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlhttprequest-ssl_project:xmlhttprequest-ssl:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.6.1\",\"matchCriteriaId\":\"FBCD5604-E3C3-47BE-B429-6AAB717E7DB8\"}]}]}],\"references\":[{\"url\":\"https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210618-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210618-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-351
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les logiciels Juniper . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Networking versions antérieures à 2011.L4 et 21.3 | ||
| Juniper Networks | N/A | JIMS versions antérieures à 1.4.0 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.3.x | ||
| Juniper Networks | Secure Analytics | Secure Analytics versions 7.4.x anttérieures à 7.4.2 FixPack 2 | ||
| Juniper Networks | Secure Analytics | Secure Analytics versions 7.3.x antérieures à 7.3.3 FixPack 7 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.1.x | ||
| Juniper Networks | N/A | Contrail Service Orchestration versions 6.0.x antérieures à 6.0.0 Patch v3 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.2.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L4 et 21.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "JIMS versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics versions 7.4.x antt\u00e9rieures \u00e0 7.4.2 FixPack 2",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 FixPack 7",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail Service Orchestration versions 6.0.x ant\u00e9rieures \u00e0 6.0.0 Patch v3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-34552",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34552"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2021-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25289"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2021-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3560"
},
{
"name": "CVE-2015-8315",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8315"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2022-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22190"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2021-31597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31597"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2022-22189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22189"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2020-35654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35654"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-22187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22187"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-351",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les logiciels\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les logiciels Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69504 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Juniper-Secure-Analytics-JSA-Series-Heap-Based-Buffer-Overflow-in-Sudo-CVE-2021-3156?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69495 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-JIMS-Local-Privilege-Escalation-vulnerability-via-repair-functionality-CVE-2022-22187?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69506 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Local-Privilege-Escalation-in-polkits-pkexec-CVE-2021-4034?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69498 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Service-Orchestration-An-authenticated-local-user-may-have-their-permissions-elevated-via-the-device-via-management-interface-without-authentication-CVE-2022-22189?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69507 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-3-CVE-yyyy-nnnn?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69500 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-in-crafted-URL-CVE-2022-22190?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69510 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L4?language=en_US"
}
]
}
CERTFR-2022-AVI-351
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les logiciels Juniper . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Networking versions antérieures à 2011.L4 et 21.3 | ||
| Juniper Networks | N/A | JIMS versions antérieures à 1.4.0 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.3.x | ||
| Juniper Networks | Secure Analytics | Secure Analytics versions 7.4.x anttérieures à 7.4.2 FixPack 2 | ||
| Juniper Networks | Secure Analytics | Secure Analytics versions 7.3.x antérieures à 7.3.3 FixPack 7 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.1.x | ||
| Juniper Networks | N/A | Contrail Service Orchestration versions 6.0.x antérieures à 6.0.0 Patch v3 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.2.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L4 et 21.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "JIMS versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics versions 7.4.x antt\u00e9rieures \u00e0 7.4.2 FixPack 2",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 FixPack 7",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail Service Orchestration versions 6.0.x ant\u00e9rieures \u00e0 6.0.0 Patch v3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-34552",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34552"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2021-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25289"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2021-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3560"
},
{
"name": "CVE-2015-8315",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8315"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2022-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22190"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2021-31597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31597"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2022-22189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22189"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2020-35654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35654"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-22187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22187"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-351",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les logiciels\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les logiciels Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69504 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Juniper-Secure-Analytics-JSA-Series-Heap-Based-Buffer-Overflow-in-Sudo-CVE-2021-3156?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69495 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-JIMS-Local-Privilege-Escalation-vulnerability-via-repair-functionality-CVE-2022-22187?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69506 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Local-Privilege-Escalation-in-polkits-pkexec-CVE-2021-4034?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69498 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Service-Orchestration-An-authenticated-local-user-may-have-their-permissions-elevated-via-the-device-via-management-interface-without-authentication-CVE-2022-22189?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69507 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-3-CVE-yyyy-nnnn?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69500 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-in-crafted-URL-CVE-2022-22190?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69510 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L4?language=en_US"
}
]
}
CERTFR-2026-AVI-0479
Vulnerability from certfr_avis - Published: 2026-04-22 - Updated: 2026-04-22
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions 10.x antérieures à 10.2.10 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.x antérieures à 11.3.4 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.33 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.19 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.x antérieures à 10.3.19 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.34 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.19 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.13 | ||
| Atlassian | Jira | Jira Software Server versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.x antérieures à 11.3.4 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.2.10",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.x ant\u00e9rieures \u00e0 11.3.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.33",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.19",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.19",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.34",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.19",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.13",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.x ant\u00e9rieures \u00e0 11.3.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2023-48631",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48631"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2021-31597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31597"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2025-66020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66020"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2026-04-22T00:00:00",
"last_revision_date": "2026-04-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0479",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26754",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26754"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16542",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16542"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26657",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26657"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16551",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16551"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26764",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26764"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103476",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103476"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103467",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103467"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103471",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103471"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103469",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103469"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103475",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103475"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16544",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16544"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103470",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103470"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103472",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103472"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103612",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103612"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103539",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103539"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103474",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103474"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26666",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26666"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16557",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16557"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103517",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103517"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16550",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16550"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16540",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16540"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26765",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26765"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26763",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26763"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26760",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26760"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16552",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16552"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16556",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16556"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102567",
"url": "https://jira.atlassian.com/browse/CONFSERVER-102567"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103473",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103473"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103516",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103516"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103518",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103518"
}
]
}
FKIE_CVE-2021-31597
Vulnerability from fkie_nvd - Published: 2021-04-23 00:15 - Updated: 2024-11-21 06:05
Severity
Summary
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1 | Patch, Release Notes, Third Party Advisory | |
| cve@mitre.org | https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt | Exploit, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20210618-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210618-0004/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlhttprequest-ssl_project | xmlhttprequest-ssl | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlhttprequest-ssl_project:xmlhttprequest-ssl:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FBCD5604-E3C3-47BE-B429-6AAB717E7DB8",
"versionEndExcluding": "1.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected."
},
{
"lang": "es",
"value": "El paquete xmlhttprequest-ssl versiones anteriores a 1.6.1 para Node.js deshabilita la comprobaci\u00f3n del certificado SSL por defecto, porque acceptUnauthorized (cuando la propiedad existe pero no est\u00e1 definida) se considera falso dentro de la funci\u00f3n https.request de Node.js.\u0026#xa0;En otras palabras, nunca se rechaza ning\u00fan certificado"
}
],
"id": "CVE-2021-31597",
"lastModified": "2024-11-21T06:05:57.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-23T00:15:08.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210618-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210618-0004/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-72MH-269X-7MH5
Vulnerability from github – Published: 2021-05-24 19:52 – Updated: 2021-05-20 21:59
VLAI
Summary
Improper Certificate Validation in xmlhttprequest-ssl
Details
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
Severity
9.4 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "xmlhttprequest-ssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-31597"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T21:59:29Z",
"nvd_published_at": "2021-04-23T00:15:00Z",
"severity": "CRITICAL"
},
"details": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.",
"id": "GHSA-72mh-269x-7mh5",
"modified": "2021-05-20T21:59:29Z",
"published": "2021-05-24T19:52:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31597"
},
{
"type": "WEB",
"url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"
},
{
"type": "WEB",
"url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"
},
{
"type": "WEB",
"url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210618-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation in xmlhttprequest-ssl"
}
GSD-2021-31597
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-31597",
"description": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.",
"id": "GSD-2021-31597"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-31597"
],
"details": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.",
"id": "GSD-2021-31597",
"modified": "2023-12-13T01:23:13.298701Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt",
"refsource": "MISC",
"url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"
},
{
"name": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1",
"refsource": "MISC",
"url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"
},
{
"name": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2",
"refsource": "MISC",
"url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210618-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210618-0004/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.6.1",
"affected_versions": "All versions before 1.6.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2021-12-08",
"description": "The xmlhttprequest-ssl package for Node.js disables SSL certificate validation by default, because `rejectUnauthorized` (when the property exists but is undefined) is considered to be false within the `https.request` function of Node.js. In other words, no certificate is ever rejected.",
"fixed_versions": [
"1.6.1"
],
"identifier": "CVE-2021-31597",
"identifiers": [
"CVE-2021-31597"
],
"not_impacted": "All versions starting from 1.6.1",
"package_slug": "npm/xmlhttprequest-ssl",
"pubdate": "2021-04-23",
"solution": "Upgrade to version 1.6.1 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-31597"
],
"uuid": "204c0a15-a193-4adf-a4dd-61d5d54f8097"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlhttprequest-ssl_project:xmlhttprequest-ssl:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "1.6.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31597"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"
},
{
"name": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"
},
{
"name": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1",
"refsource": "MISC",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210618-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210618-0004/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
},
"lastModifiedDate": "2021-12-08T20:27Z",
"publishedDate": "2021-04-23T00:15Z"
}
}
}
WID-SEC-W-2026-1229
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-05-25 22:00Summary
Atlassian Bamboo, Bitbucket, Confluence, Jira: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Confluence ist eine kommerzielle Wiki-Software.
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder Cross-Site-Scripting-Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
References
15 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://confluence.atlassian.com/security/securit… | external |
| https://access.redhat.com/errata/RHSA-2026:10209 | external |
| https://access.redhat.com/errata/RHSA-2026:10205 | external |
| https://access.redhat.com/errata/RHSA-2026:10215 | external |
| https://access.redhat.com/errata/RHSA-2026:10206 | external |
| https://access.redhat.com/errata/RHSA-2026:10204 | external |
| https://access.redhat.com/errata/RHSA-2026:10211 | external |
| https://access.redhat.com/errata/RHSA-2026:10214 | external |
| https://access.redhat.com/errata/RHSA-2026:10213 | external |
| https://access.redhat.com/errata/RHSA-2026:10201 | external |
| https://access.redhat.com/errata/RHSA-2026:11070 | external |
| https://www.ibm.com/support/pages/node/7271910 | external |
| https://access.redhat.com/errata/RHSA-2026:20034 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1229 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1229.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1229 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1229"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - April 21 2026 vom 2026-04-21",
"url": "https://confluence.atlassian.com/security/security-bulletin-april-21-2026-1770913890.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10209 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10209"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10205 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10205"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10215 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10215"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10206 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10206"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10204 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10204"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10211 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10211"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10214 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10213 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10213"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10201 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11070 vom 2026-04-28",
"url": "https://access.redhat.com/errata/RHSA-2026:11070"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271910 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271910"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20034 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:20034"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo, Bitbucket, Confluence, Jira: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-25T22:00:00.000+00:00",
"generator": {
"date": "2026-05-26T12:16:36.572+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1229",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-27T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.1.6",
"product": {
"name": "Atlassian Bamboo \u003c12.1.6",
"product_id": "T053202"
}
},
{
"category": "product_version",
"name": "12.1.6",
"product": {
"name": "Atlassian Bamboo 12.1.6",
"product_id": "T053202-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:12.1.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.18",
"product": {
"name": "Atlassian Bamboo \u003c10.2.18",
"product_id": "T053203"
}
},
{
"category": "product_version",
"name": "10.2.18",
"product": {
"name": "Atlassian Bamboo 10.2.18",
"product_id": "T053203-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.18"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.2.2",
"product_id": "T053207"
}
},
{
"category": "product_version",
"name": "10.2.2",
"product": {
"name": "Atlassian Bitbucket 10.2.2",
"product_id": "T053207-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.19",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.19",
"product_id": "T053209"
}
},
{
"category": "product_version",
"name": "9.4.19",
"product": {
"name": "Atlassian Bitbucket 9.4.19",
"product_id": "T053209-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.19"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.10",
"product": {
"name": "Atlassian Confluence \u003c10.2.10",
"product_id": "T053211"
}
},
{
"category": "product_version",
"name": "10.2.10",
"product": {
"name": "Atlassian Confluence 10.2.10",
"product_id": "T053211-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.2.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.19",
"product": {
"name": "Atlassian Confluence \u003c9.2.19",
"product_id": "T053213"
}
},
{
"category": "product_version",
"name": "9.2.19",
"product": {
"name": "Atlassian Confluence 9.2.19",
"product_id": "T053213-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.2.19"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.3.4",
"product": {
"name": "Atlassian Jira \u003c11.3.4",
"product_id": "T053215"
}
},
{
"category": "product_version",
"name": "11.3.4",
"product": {
"name": "Atlassian Jira 11.3.4",
"product_id": "T053215-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:11.3.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.3.19",
"product": {
"name": "Atlassian Jira \u003c10.3.19",
"product_id": "T053216"
}
},
{
"category": "product_version",
"name": "10.3.19",
"product": {
"name": "Atlassian Jira 10.3.19",
"product_id": "T053216-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:10.3.19"
}
}
},
{
"category": "product_version_range",
"name": "Service Management \u003c11.3.4",
"product": {
"name": "Atlassian Jira Service Management \u003c11.3.4",
"product_id": "T053218"
}
},
{
"category": "product_version",
"name": "Service Management 11.3.4",
"product": {
"name": "Atlassian Jira Service Management 11.3.4",
"product_id": "T053218-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:service_management__11.3.4"
}
}
},
{
"category": "product_version_range",
"name": "Service Management \u003c10.3.19",
"product": {
"name": "Atlassian Jira Service Management \u003c10.3.19",
"product_id": "T053221"
}
},
{
"category": "product_version",
"name": "Service Management 10.3.19",
"product": {
"name": "Atlassian Jira Service Management 10.3.19",
"product_id": "T053221-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:service_management__10.3.19"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T052517",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Container Platform release 4.21.17",
"product": {
"name": "Red Hat OpenShift Container Platform release 4.21.17",
"product_id": "T054688",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_release_4.21.17"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0341",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2021-0341"
},
{
"cve": "CVE-2021-31597",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2021-31597"
},
{
"cve": "CVE-2022-1471",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-25927",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2022-25927"
},
{
"cve": "CVE-2023-1370",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-3635",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3635"
},
{
"cve": "CVE-2023-48631",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2023-48631"
},
{
"cve": "CVE-2024-29371",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-29371"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-47875",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-66020",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-66020"
},
{
"cve": "CVE-2026-21571",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-21571"
},
{
"cve": "CVE-2026-22029",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-22029"
},
{
"cve": "CVE-2026-23745",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-23745"
},
{
"cve": "CVE-2026-23950",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-23950"
},
{
"cve": "CVE-2026-24734",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-24734"
},
{
"cve": "CVE-2026-24842",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-24842"
},
{
"cve": "CVE-2026-24880",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-24880"
},
{
"cve": "CVE-2026-25547",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-25639",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-25639"
},
{
"cve": "CVE-2026-26960",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-26960"
},
{
"cve": "CVE-2026-29063",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-29063"
},
{
"cve": "CVE-2026-31802",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-31802"
},
{
"cve": "CVE-2026-33870",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33870"
},
{
"cve": "CVE-2026-33871",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33871"
},
{
"cve": "CVE-2026-34487",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34487"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…