bitvoodoo Security Advisories

Atlassian

Title	Date	Vulnerability	Product
February 2025 Security Bulletin - Confluence and Crowd	24 Feb 2025	Critical	Confluence Data Center and Server Crowd Data Center and Server
RCE Vulnerability in Out-of-Date Versions of Confluence Data Center and Server	16 Jan 2024	critical	Confluence Data Center Confluence Server
RCE Vulnerabilities Identified in Multiple Products 2023-12-06	06 Dec 2023	Critical	Atlassian Server and Data Center Confluence Data Center and Server Jira Software Data Center and Server Jira Service Management Data Center and Server Jira Core Data Center and Server Bitbucket Data Center and Server Atlassian Server and Data Center 3rd-party Apps Confluence Cloud Migration App (CCMA) Automation for Jira (A4J) app (including Server Lite edition) Assets Discovery (stand-alone app) Atlassian Cloud Assets Discovery (stand-alone app)
Improper Authorization Vulnerability In Confluence Data Center and Confluence Server	30 Oct 2023	critical	Confluence Server and Data Center
XXE (XML External Entity Injection) Vulnerability In Jira Service Management Data Center and Jira Service Management Server	17 Oct 2023	high (8.4)	Jira Service Management Data Center Jira Service Management Server
Confluence Security Advisory 2023-10-04 - Privilege Escalation Vulnerability	04 Oct 2023	Critical	Confluence Data Center and Server Atlassian Cloud Instances are not affected
Multiple Products Security Advisory 2023-02-15	15 Feb 2023	Critical	Bitbucket Server and Data Center Bamboo Server and Data Center Fisheye Crucible Sourcetree Atlassian Cloud sites are not affected.
Jira Service Management Server and Data Center Security Advisory 2023-02-01	01 Feb 2023	Critical	Jira Service Management Server Jira Service Management Data Center
Bitbucket Server and Data Center Security Advisory 2022-08-24	24 Aug 2022	Critical	Bitbucket Server Bitbucket Data Center
Multiple Products Security Advisory 2022-07-20	20 Jul 2022	Critical	Bamboo Server and Data Center Bitbucket Server and Data Center Confluence Server and Data Center Crowd Server and Data Center Fisheye and Crucible Jira Server and Data Center Jira Service Management Server and Data Center

3rd party vendors

Title	Date	Vulnerability	Base product
Kantega SSO Enterprise - 2023-11-08	08 Nov 2023	Critical	Jira / Confluence / Bitbucket / Bamboo
Capture for Jira - 2021-12-20	20 Dec 2021	Critical	Jira
Zephyr Squad - 2021-12-20	20 Dec 2021	Critical	Jira
PTC & STC Insight Extension - 2021-12-20	20 Dec 2021	Critical	Confluence
Linchpin Intranet Suite & Linchpin Essentials - 2021-09-09	09 Sept 2021	High	Confluence
SAML Single Sign On (by resolution) - 2021-08-12	12 Aug 2021	Critical	Jira, Confluence, Bitbucket, Bamboo, Fisheye
SAML Single Sign On (by resolution) - 2021-07-29	29 Jul 2021	Critical	Jira, Confluence, Bitbucket, Bamboo, Fisheye
Jira Server for Slack (Official) - 2021-02-17	17 Feb 2021	Critical	Jira
Metadata for Confluence - 2020-11-19	19 Nov 2020	Medium	Confluence
Email This Issue - 2020-02-18	18 Feb 2020	Critical	Jira

Other

Title	Date	Vulnerability	Base product
Log4Shell - bitvoodoo Security Advisory - 2021-12-13	13 Dec 2021	Critical
Log4Shell - bitvoodoo apps - 2021-12-13	13 Dec 2021	Not applicable

Atlassian

3rd party vendors

Other

Pages

Recently updated

Favourite Pages