Hey everybody, it's May and it is the third Tuesday of the month so that means we're back again with the May 2024 Security Bulletin!
This month we have a hefty bulletin with 37 issues across Bamboo, Bitbucket, Confluence, Crowd, Jira, and Jira Service Management.
I have a few special notes this time around:
CVE-2024-1597 - CVSS 9.8 for Confluence and Jira Data Center (NOT AFFECTED)
Of Special Note - This bulletin is we have two instances of CVE-2024-1597 rated as a CVSS 9.8 Critical for Confluence Data Center & Jira Data Center - like in previous months - this vulnerability is present in our monthly Security Bulletin instead of a Critical Security Advisory because NO ATLASSIAN Products are functionally AFFECTED by this vulnerability. The exploit relies on a particular configuration of PostgreSQL that is NOT utilized by Atlassian.
We've included some notes on the bulletin and Jira tickets to indicate as such in our disclosure, but in these cases no action is required.
Transparency API Updates
On another note - in the last few weeks we've published a few updates to our Transparency API. We've pushed some bug fixes for issues relating to timeouts and "null" responses as well as updating the behavior of the API to be more explicit to indicate if a particular product version is affected by CVEs. NO Changes have been made to the format of the data so it should not impact any existing integrations you might have in place. You can read more here: https://developer.atlassian.com/platform/security-vulnerability-api/release-notes/changelog/
Thanks, and see y'all next time on June 18th for our next security bulletin!
0 comments