Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Regarding CVE-2023-49070

Asokan S
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
January 2, 2024

Hi,

Does the Security vulnerability CVE-2023-49070 affect Jira Data Center running on v9.4.2? If so, is there a workaround for this security vulnerability?

Reference - https://www.bleepingcomputer.com/news/security/apache-ofbiz-rce-flaw-exploited-to-find-vulnerable-confluence-servers/

(I know that the link says Confluence, but It says in the article that Jira has this issue)

Please advice on the same.

Thanks,

Asokan

 

2 comments

Comment

Log in or Sign up to comment
Bipin Brahmanandan January 2, 2024

I think it's best to raise an Atlassian support ticket to get the official confirmation.

SEI Information Technology January 3, 2024

From Atlassian Support:

As per the feedback from the DC products team, Atlassian doesn’t use the OfBiz framework, instead, we are using a fork of the Entity Engine module of the Apache OfBiz project. Hence, the flaw is not confirmed to affect any of the Atlassian products.

Jira uses Atlassian's fork of the Entity Engine module of the Apache OfBiz project. It is only the Entity Engine module that we use, while vulnerability seems to be in the framework module.

Confluence does not use Apache ofbiz library/framework directly and hence is not vulnerable to CVE-2023-49070.

Like Bipin Brahmanandan likes this
TAGS
AUG Leaders

Atlassian Community Events