There is a present BSI safety alert for Atlassian Jira software program (knowledge middle and server). Several dangers have been recognized. Here yow will discover out what threatens the IT safety of Linux, MacOS X and Windows programs, how excessive the chance degree is and what involved customers ought to take note of.
Federal workplace for Security in Information Technology (BSI) has revealed a safety advisory for Atlassian Jira Software (knowledge middle and server) on May 21, 2024. The report highlights a number of vulnerabilities that may be exploited by attackers. Linux, MacOS X and Windows working programs and the Atlassian Jira Software product are affected by the safety hole.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability could be discovered right here: Atlassian Vulnerability JSWSERVER-25948 (From 21 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple vulnerabilities have been reported for Atlassian Jira Software (Data Center and Server) – Vulnerability: High
Risk degree: 4 (excessive)
CVSS Base Score: 9.8
CVSS provisional rating: 8,5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in laptop programs. The CVSS commonplace makes it attainable to check potential or precise safety dangers based mostly on numerous metrics in an effort to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For short-term impact, body situations which will change over time are thought-about within the take a look at. According to CVSS, the present vulnerability risk is taken into account “excessive” on the premise of 9.8 factors.
Atlassian Jira Software (Data Center and Server) Bug: Vulnerabilities and CVE numbers
Jira is an internet utility for software program growth.
A distant, unknown attacker might exploit a number of vulnerabilities within the Atlassian Jira Software Data Center and servers to trigger a denial of service, execute malicious code, or manipulate knowledge.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) serial numbers. CVE-2022-25647, CVE-2022-41966, CVE-2024-1597, CVE-2024-22257 and CVE-2024-23672 on the market.
Systems affected by the safety hole at a look
Operating programs
Linux, MacOS X, Windows
Products
Atlassian Jira Software Data Center and Server Atlassian Jira Software Data Center and Server Atlassian Jira Software Data Center and Server Atlassian Jira Software Data Center and Server Atlassian Jira Software Data Center and Server Data Center Atlassian Jira and Server Data Center for Atlassian Jira and Server for Atlassian Jira Software Data Center and Server Atlassian Jira Software Data Center and Server Atlassian Jira Software Data Center and Server
General steps for coping with IT vulnerabilities
- Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually accommodates extra details about the newest model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you will have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to examine each time a producing firm makes a brand new safety replace obtainable.
Sources for updates, patches and workarounds
Here you can find some hyperlinks with details about bug stories, safety fixes and workarounds.
Atlassian Vulnerability JSWSERVER-25948 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Vulnerability JSWSERVER-25905 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Vulnerability JSWSERVER-25896 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Vulnerability JSWSERVER-25949 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Vulnerability JSWSERVER-25950 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Security Bulletin May 2024 vom 2024-05-21 (21.05.2024)
For extra data, see:
Version historical past of this safety alert
This is the primary model of this IT safety discover for Atlassian Jira Software (knowledge middle and server). This doc shall be up to date as updates are introduced. You can see the modifications made utilizing the model historical past under.
May 21, 2024 – First model
+++ Editorial be aware: This doc relies on present BSI knowledge and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you can find scorching information, present movies and a direct line to the editorial crew.
kns/roj/information.de