Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Impact of CVE-2023-51467 on Jira/Confluence

Ana Martinez Arroyo
Ana Martinez Arroyo January 1, 2024

Hello, 

 

We use Jira et Confluence Data Center. 

I saw the vulnerability CVE-2023-51467, regarding to Apache OFBiz. Our Atlassian Products are impacted? Do they use Apache OFBiz? 

Thanks! 

Answer
Watch
Like # people like this
3899 views

1 answer

Suggest an answer

Log in or Sign up to answer
2 votes
Admin Jira
Admin Jira January 2, 2024

Hello Ana,

The editor has given a response :

Jira DC
Jira DC uses Atlassian's fork of the Entity Engine module of the Apache OfBiz project. We use only the Entity Engine module, while the vulnerability is in the framework module.

Confluence DC
Confluence does not use the Apache OfBiz library and is not vulnerable to this vulnerability.

 

Regards.

Abdel.

View More Comments
Reply
dominikmaier
dominikmaier
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 2, 2024

Hello Abdel,

Does this also apply to Jira/Confluence Server Version?

 

Best,

Dominik

Like # people like this
PIERSON Cédric
PIERSON Cédric January 3, 2024

Dear all, 

I receive a message from my company to solve this issue.

Can you confirm that server version is impacted ? 

even if we will use DC licenses after the 15th february, I need to know if this issue impact Jira and Confluence Server.

Regards,

Cédric

Like
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events