Trust & Security

I'd like to know if Atlassian was impacted by any of these: CVE-2023-46805 (Authentication Bypass) in the web component of Ivanti ICS CVE-2024-21887 (Command Injection) for Ivanti Connect Sec...

Toño asked a question 5 6 February 21, 2024

...ira Ticket Details For the published Public Security Vulnerability tickets on Jira.Atlassian.com, as part of this bulletin, we have published a detailed Affected & Fixed Version table specific to t...

Lee Berg started a discussion 18 26 February 20, 2024

Following on from our FY22 Annual Bug Bounty Report, we have updated the FY23 report to reflect a full year of statistics and data about our Bug Bounty Programs as part of our overall Cloud Vulnerabi...

Ben Howe started a discussion 14 0 February 13, 2024

Hello, The attestation of compliance provided here is for the previous year: https://www.atlassian.com/trust/compliance/resources/pci-dss When will the new version be published? Thanks

Joseph Kang asked a question 0 4 February 12, 2024

Hello, out security team reported, that the integrated SSH server in Bitbucket is vulnerable to a weakness called terrapin, which allows man-in-the-middle-attack. What is the status regarding a sec...

DW asked a question 4 3 February 12, 2024

Hi community! My name is Guy and I’m from the Ecosystem team at Atlassian. We're working on a feature that will let customers manage apps' access to your organization’s data through a data security...

Guy Tuckwell started a discussion 5 0 February 8, 2024

On February 1, Cloudflare has concluded its investigation of an incident that occurred in November 2023, during which a threat actor gained access to Cloudflare’s Atlassian Data Center instances...

Dan Hranj started a discussion 12 1 February 2, 2024

Hello community members! I’m Tiffany, Associate Product Manager on the Confluence team. Last year, we launched Confluence Public Links that enabled anyone on the internet to view Confluence pages....

Tiffany Chung started a discussion 0 0 January 23, 2024

Hi, I registered to report that the bitbucket cloud is used by spammers and phishers (I don't see any other way to convey information to technical support) - the link https_://bitbucket.org/dsns...

tartak1983 asked a question 9 1 January 22, 2024

Overview The Health Insurance Portability and Accountability Act (HIPAA) is a federal law developed by the U.S. Department of Health and Human Services and was established in 1996. It was...

Hema Vadodaria published an article 5 0 January 19, 2024

FYI, I have consistently been getting these DMARC fail notifications from automated community notifications for a couple of weeks at least. They are almost certainly generated by replies to messages ...

Justin Warwick asked a question 1 1 January 19, 2024

Overview The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 167 national standards bodies. ISO br...

Sanika Bhurke published an article 6 0 January 16, 2024

Take immediate action to protect your instance We have discovered that Confluence Data Center and Server customers on out-of-date versions including 8.4.5 are vulnerable to a remote code execution ...

Emir Mutlu published an article 9 0 January 16, 2024

At the start of each quarter, we publish a roll-up report from each of our Bug Bounty programs to give our customers a view of the progress of the program and the vulnerabilities. For many customers,...

Ben Howe published an article 4 0 January 15, 2024

Overview System and Organization Controls (SOC) Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizati...

Sanika Bhurke published an article 10 4 January 10, 2024

05/02/2024 Update: this feature is now generally available!   Hello Trust & Security Community! We know Marketplace apps are a key part of your Atlassian solution, but depending on you...

Angelina Ignatova published an article 19 6 January 9, 2024

Hi community! My name is Steph and I’m from the Cloud Security team at Atlassian. We're working on a feature that will let customers classify their data according to their company policies or indus...

Steph Kakatsos started a discussion 0 0 January 9, 2024

First of all the Vulnerability portal (https://www.atlassian.com/trust/data-protection/vulnerabilities) is a great starting point to keep track of vulnerabilities. Recently I've played around with...

Tim Eddelbüttel asked a question 5 2 January 9, 2024

My company is undergoing external audits and we need security compliance attestations from all of our vendors.  We have the Jan2023 SOC2 Bridge report from Atlassian but now require an updated C...

Tiffany Ramzy started a discussion 7 5 January 5, 2024

Hi, Does the Security vulnerability CVE-2023-49070 affect Jira Data Center running on v9.4.2? If so, is there a workaround for this security vulnerability? Reference - https://www.bleepingcomp...

Asokan S started a discussion 0 2 January 2, 2024

REF CVE-2023-51467

fernandavalverde asked a question 1 2 January 2, 2024

Hello,    We use Jira et Confluence Data Center.  I saw the vulnerability CVE-2023-51467, regarding to Apache OFBiz. Our Atlassian Products are impacted? Do they use ...

Ana Martinez Arroyo asked a question 4 3 January 1, 2024

Hello community, We have discovered four critical vulnerabilities impacting customers of the products listed below. All four vulnerabilities carry a critical CVSS score of 9.0 or higher, and custom...

Jodie Vlassis published an article 5 2 December 5, 2023

Hi Atlassian Community, I’m Dimitris, a Senior Product Marketing Manager at Adaptavist.  My team is currently conducting research to improve one of our Jira apps — Encryption for Jira — and we...

Dimitris Sylligardakis started a discussion 10 0 November 23, 2023

...ttestations to help them understand the controls we have in place so they can use our products in a manner compliant with their applicable regulations. Staying true to our value, we pride ourselves with how t...

Jodie Vlassis published an article 8 0 November 20, 2023