Issue Summary

      Recently disclosed Tomcat vulnerabilities CVE-2021-25329 and CVE-2021-25122 affect the following versions:

      • Apache Tomcat 9.0.0.M1 to 9.0.41
      • Apache Tomcat 8.5.0 to 8.5.61

      Steps to Reproduce

      See more at: https://nvd.nist.gov/vuln/detail/CVE-2021-25329 and https://nvd.nist.gov/vuln/detail/CVE-2021-25122

            [CONFSERVER-62837] Tomcat vulnerabilities CVE-2021-25329 and CVE-2021-25122

            Jiri Hronik added a comment -
            A fix for this issue is available to Server and Data Center customers in Confluence 7.13.0
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Jiri Hronik added a comment -
            A fix for this issue is available to Server and Data Center customers in Confluence 7.4.10
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Natalie Will added a comment -
            Yes, there was an update made to Jira as well, as you can see at https://jira.atlassian.com/browse/JRASERVER-72211

            It was already released, you can see it in the release notes of Jira 8.17 https://confluence.atlassian.com/jirasoftware/jira-software-8-17-x-release-notes-1063559166.html

            Jamal Nasir added a comment -
            Was there an update made to Jira as well as Confluence or just Confluence?

            mocallaghan@manh.com added a comment -
            I see this has been assigned to version 7.14. Do you know when 7.14 is scheduled to be released?

            Jamal Nasir added a comment -
            Path : /opt/atlassian/confluence/bin/
            Installed version : 9.0.40
            Fixed version : 9.0.43

            Jamal Nasir added a comment - edited
            Security scanners report the following:

            Path : /opt/atlassian/jira/bin/
            Installed version : 8.5.60
            Fixed version : 8.5.63
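
            To triage scanner findings like the ones above, the following added example (not part of the issue and not Atlassian code) checks a bundled Tomcat version against the affected ranges listed in this issue, including the milestone build 9.0.0.M1. It assumes the usual `Server version: Apache Tomcat/x.y.z` line printed by Tomcat's `version.sh`; the sample output and the function names are constructed for illustration.

```python
import re

# Affected ranges exactly as listed in this issue (inclusive on both ends).
AFFECTED = [("9.0.0.M1", "9.0.41"), ("8.5.0", "8.5.61")]

_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")


def parse(version):
    """Return a sortable key; milestone builds (9.0.0.M1) sort before 9.0.0."""
    m = _VER.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    # Final releases get (1, 0) so they rank above any milestone (0, n).
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + stage


def is_affected(version):
    """True if the version falls inside a range listed in this issue.

    False only means "not in the ranges listed here", not "known safe".
    """
    key = parse(version)
    return any(parse(lo) <= key <= parse(hi) for lo, hi in AFFECTED)


def version_from_banner(text):
    """Extract x.y.z from the 'Server version: Apache Tomcat/x.y.z' line."""
    m = re.search(r"Server version:\s*Apache Tomcat/(\S+)", text)
    if not m:
        raise ValueError("no 'Server version' line found")
    return m.group(1)


# Constructed sample of version.sh output, using the installed version
# from the Confluence scanner finding quoted in the comments.
SAMPLE = """\
Using CATALINA_HOME:   /opt/atlassian/confluence
Server version: Apache Tomcat/9.0.40
Server number:  9.0.40.0
"""

if __name__ == "__main__":
    print("bundled:", version_from_banner(SAMPLE), is_affected(version_from_banner(SAMPLE)))
    for v in ("9.0.0.M1", "9.0.41", "9.0.43", "8.5.60", "8.5.63"):
        print(v, is_affected(v))
```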

              ec98c3f232a1 Akshay Kumar (Inactive)
              ajardim Artur J