Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira

20-June-24

Atlassian has released software updates addressing multiple high-severity vulnerabilities in Confluence, Crucible, and Jira. The Confluence updates fix six security issues, including a critical broken access control flaw (CVE-2024-22257) and three server-side request forgery (SSRF) vulnerabilities in the Spring Framework, as well as two out-of-bounds write bugs in Apache Commons Configuration. The Crucible updates resolve a deserialization vulnerability in the gson package. The Jira updates address an information disclosure vulnerability (CVE-2024-21685). The patches are included in the latest version of each product, and Atlassian notes no known exploitation of these vulnerabilities in the wild.
