Trivy vulnerability scan of atlassian/jira-software:9.11.0 image picks up critical vulnerabilities

Saul Williamson
I'm New Here
September 19, 2023

Ran trivy image vulnerability scanner on atlassian/jira-software:9.11.0. It is picking up a number of critical vulnerabilities listed below.

Looking through old tickets and other documentation, some of these are considered non-applicable. But the following items are still of concern:

org.yaml:snakeyaml
CVE-2022-1471

org.eclipse.jetty:jetty-server
CVE-2017-7658
CVE-2017-7657

List of critical vulnerabilities picked up by Trivy image security scan:

| Package | Vulnerability ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| com.fasterxml.jackson.core:jackson-databind | CVE-2017-15095 | CRITICAL | 2.3.3 | 2.7.9.2, 2.8.10, 2.9.1 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-11307 | CRITICAL | 2.3.3 | 2.7.9.4, 2.8.11.2, 2.9.6 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-14718 | CRITICAL | 2.3.3 | 2.6.7.2, 2.9.7 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-7489 | CRITICAL | 2.3.3 | 2.7.9.3, 2.8.11.1, 2.9.5 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-14540 | CRITICAL | 2.3.3 | 2.9.10 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-14893 | CRITICAL | 2.3.3 | 2.8.11.5, 2.9.10 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16335 | CRITICAL | 2.3.3 | 2.9.10 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16942 | CRITICAL | 2.3.3 | 2.9.10.1 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16943 | CRITICAL | 2.3.3 | 2.9.10.1 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-17267 | CRITICAL | 2.3.3 | 2.9.10 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-17531 | CRITICAL | 2.3.3 | 2.9.10.1 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-20330 | CRITICAL | 2.3.3 | 2.8.11.5, 2.9.10.2 |
| org.eclipse.jetty:jetty-server | CVE-2017-7657 | CRITICAL | 8.1.15.v20140411 | 9.2.25.v20180606, 9.3.24.v20180605 |
| org.eclipse.jetty:jetty-server | CVE-2017-7658 | CRITICAL | 8.1.15.v20140411 | 9.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605 |
| org.springframework:spring-web | CVE-2016-1000027 | CRITICAL | 5.3.26 | 6.0.0 |
| org.yaml:snakeyaml | CVE-2022-1471 | CRITICAL | 1.19 | 2 |
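
A triage helper for a report like the one above, added here as an example and not part of the original post or of Trivy: it reads Trivy's JSON report, drops CVE ids already reviewed in a `.trivyignore`-style list, and groups the remaining CRITICAL findings by the jar file they were reported against, which is the starting point for checking whether that library is actually on Jira's classpath. The sample report, the `<dir-…>` paths and the ignore entry are constructed; the field names follow Trivy's JSON output.

```python
import json
from collections import defaultdict

def _finding(cve, pkg, installed, fixed, path):
    # One entry in the shape Trivy uses under Results[].Vulnerabilities[].
    return {"VulnerabilityID": cve, "PkgName": pkg, "PkgPath": path,
            "InstalledVersion": installed, "FixedVersion": fixed,
            "Severity": "CRITICAL"}

JETTY = ("org.eclipse.jetty:jetty-server", "8.1.15.v20140411")
# Constructed sample report: packages, versions and CVE ids are from the post;
# the PkgPath values are placeholders, not paths from the real image.
SAMPLE_REPORT = json.dumps({"Results": [{"Target": "Java", "Type": "jar", "Vulnerabilities": [
    _finding("CVE-2022-1471", "org.yaml:snakeyaml", "1.19", "2", "<dir-a>/snakeyaml.jar"),
    _finding("CVE-2017-7657", *JETTY, "9.2.25.v20180606, 9.3.24.v20180605", "<dir-b>/jetty-server.jar"),
    _finding("CVE-2017-7658", *JETTY, "9.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605", "<dir-b>/jetty-server.jar"),
    _finding("CVE-2017-15095", "com.fasterxml.jackson.core:jackson-databind", "2.3.3", "2.7.9.2, 2.8.10, 2.9.1", "<dir-c>/jackson-databind.jar"),
]}]})

# Constructed ignore list in .trivyignore style; the entry is an example only,
# not a statement that this CVE has been judged non-applicable to Jira.
SAMPLE_IGNORE = "# reviewed findings\nCVE-2017-15095\n"

def parse_ignore(text):
    """Return the set of ids in a .trivyignore-style text (one id per line)."""
    ids = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            ids.add(line.split()[0])  # first token is the id; the rest is ignored here
    return ids

def open_criticals(report_json, ignore_text):
    """Map (package, installed version, jar path) -> sorted CVE ids for
    CRITICAL findings that are not on the ignore list."""
    ignored = parse_ignore(ignore_text)
    grouped = defaultdict(set)
    for result in json.loads(report_json).get("Results") or []:
        # "Vulnerabilities" is absent or null for targets with no findings.
        for v in result.get("Vulnerabilities") or []:
            cve = v.get("VulnerabilityID", "")
            if v.get("Severity") != "CRITICAL" or cve in ignored:
                continue
            key = (v.get("PkgName", ""), v.get("InstalledVersion", ""), v.get("PkgPath", ""))
            grouped[key].add(cve)
    return {key: sorted(ids) for key, ids in grouped.items()}

if __name__ == "__main__":
    for (pkg, ver, path), cves in sorted(open_criticals(SAMPLE_REPORT, SAMPLE_IGNORE).items()):
        print(f"{pkg} {ver} [{path}]: {', '.join(cves)}")
```
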

1 answer

0 votes
Ismael Jimoh
Rising Star
November 1, 2018

Hi,

try sprint was ‘value of old sprint’

that should help. Note though that if an issue was ever in the sprint you mentioned then it’ll also be listed.

Ismael Jimoh
Rising Star
November 1, 2018

Sorry, there is no JQL operation to filter for sprint was.

jrii
Contributor
November 2, 2018

OK, thanks for your effort still.
