Impact of CVE-2023-51467 on Jira/Confluence

Ana Martinez Arroyo
Contributor
January 1, 2024

Hello, 

 

We use Jira et Confluence Data Center. 

I saw the vulnerability CVE-2023-51467, regarding to Apache OFBiz. Our Atlassian Products are impacted? Do they use Apache OFBiz? 

Thanks! 

1 answer

Suggest an answer

Log in or Sign up to answer
2 votes
Admin Jira
Contributor
January 2, 2024

Hello Ana,

The editor has given a response :

Jira DC
Jira DC uses Atlassian's fork of the Entity Engine module of the Apache OfBiz project. We use only the Entity Engine module, while the vulnerability is in the framework module.

Confluence DC
Confluence does not use the Apache OfBiz library and is not vulnerable to this vulnerability.

 

Regards.

Abdel.

dominikmaier
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
January 2, 2024

Hello Abdel,

Does this also apply to Jira/Confluence Server Version?

 

Best,

Dominik

Like # people like this
PIERSON Cédric January 3, 2024

Dear all, 

I receive a message from my company to solve this issue.

Can you confirm that server version is impacted ? 

even if we will use DC licenses after the 15th february, I need to know if this issue impact Jira and Confluence Server.

Regards,

Cédric

TAGS
AUG Leaders

Atlassian Community Events