Hi ,Have a Good Day , we are using the atlassian/jira-software:8.9 image from hub.Docker.com in our Env
We found some vulnerabilities while scanning the image through Atrifactory X-ray scanner
FasterXML jackson-databind before 220.127.116.11, 2.8.x
before 18.104.22.168 and 2.9.x before 2.9.5 allows
unauthenticated remote code execution because of
an incomplete fix for the CVE-2017-7525
deserialization flaw. This is exploitable by sending
maliciously crafted JSON input to the readValue
method of the ObjectMapper, bypassing a blacklist
that is ineffective if the c3p0 libraries are available
in the classpath.
High security JFrog com.fasterxml.jackson.core:ja
< 22.214.171.124,2.8.0 <= Version <
126.96.36.199,2.9.0.pr1 <= Version < 2.9.5
Fixed version = 2.9.5,188.8.131.52,184.108.40.206 2020-08-11T02:11:
Hi All! We’re excited to share the launch of an announcement banner that lets Jira site administrators communicate directly to their users across their Jira Cloud instance. ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events