- Public Security Vulnerability
- Resolution: Fixed
- Low
- 8.22.0, 8.20.5, 8.13.18
- 7.5
- High
Affected versions of Atlassian Jira Service Server and Data Center allow an unauthenticated attacker to perform a denial of service attack against services that use the apache-commons-compress package.
The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0.
Affected versions:
- version < 8.13.19
- 8.14.0 ≤ version < 8.20.6
- 8.21.0 ≤ version < 8.22.1
- 8.23.0 ≤ version < 9.0.0
Fixed versions:
- 8.13.19
- 8.20.6
- 8.22.1
- 9.0.0
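To check an inventory of instances against the ranges above, the following added example (not Atlassian's code) maps each affected version to the fixed release on its line. The hostnames and the `triage` helper are constructed for illustration, and ignoring any suffix after the numeric version is an assumption.

```python
# Added example: triage Jira versions against the ranges listed in this advisory.
import re

# (inclusive lower bound or None, first fixed version), copied from the advisory text.
AFFECTED_RANGES = [
    (None, "8.13.19"),
    ("8.14.0", "8.20.6"),
    ("8.21.0", "8.22.1"),
    ("8.23.0", "9.0.0"),
]

def parse_version(text):
    """Turn '8.20.5' into (8, 20, 5); a missing patch level counts as 0.
    Assumption: anything after the numeric part (e.g. '-m01') is ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())

def first_fixed_version(version):
    """Return the fixed release for an affected version, or None if not affected."""
    v = parse_version(version)
    for low, fixed in AFFECTED_RANGES:
        if (low is None or v >= parse_version(low)) and v < parse_version(fixed):
            return fixed
    return None

def triage(inventory):
    """Map {host: version} to {host: upgrade target}; unparsable versions -> 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            fixed = first_fixed_version(version)
        except ValueError:
            report[host] = "unknown"  # needs a manual check, do not assume safe
            continue
        if fixed is not None:
            report[host] = fixed
    return report

# Constructed sample inventory (hostnames are made up).
SAMPLE = {"jira-prod": "8.20.5", "jira-dr": "8.20.6", "jira-test": "8.23.0",
          "jira-old": "7.13.0", "jira-lab": "n/a", "jira-new": "9.0.0"}

if __name__ == "__main__":
    for host, fixed in sorted(triage(SAMPLE).items()):
        print(f"{host}: upgrade to {fixed}")
```

Hosts missing from the report are outside every affected range; hosts reported as `unknown` had a version string that could not be parsed and need a manual check.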
[JRASERVER-73304] Denial of service attacks due to use of vulnerable version of apache-commons-compress package
Resolution | New: Fixed [ 1 ] | |
Security | Original: Atlassian Staff [ 10750 ] | |
Status | Original: Draft [ 12872 ] | New: Published [ 12873 ] |
Component/s | New: Security [ 68109 ] |
Labels | Original: advisory advisory-to-release dont-import security 🔢✅ | New: advisory advisory-released dont-import security 🔢✅ |
Description |
Original:
Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform a denial of service attack against services that use the apache-commons-compress package.
The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:* * version < 8.13.19 * 8.14.0 ≤ version < 8.20.6 * 8.21.0 ≤ version < 8.22.1 * 8.23.0 ≤ version < 9.0.0 *Fixed versions:* * 8.13.19 * 8.20.6 * 8.22.1 * 9.0.0 |
New:
Affected versions of Atlassian Jira Service Server and Data Center allow an unauthenticated attacker to perform a denial of service attack against services that use the apache-commons-compress package.
The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:* * version < 8.13.19 * 8.14.0 ≤ version < 8.20.6 * 8.21.0 ≤ version < 8.22.1 * 8.23.0 ≤ version < 9.0.0 *Fixed versions:* * 8.13.19 * 8.20.6 * 8.22.1 * 9.0.0 |
Description |
Original:
Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package.
The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:* * version < 8.13.19 * 8.14.0 ≤ version < 8.20.6 * 8.21.0 ≤ version < 8.22.1 * 8.23.0 ≤ version < 9.0.0 *Fixed versions:* * 8.13.19 * 8.20.6 * 8.22.1 * 9.0.0 |
New:
Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform a denial of service attack against services that use the apache-commons-compress package.
The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:* * version < 8.13.19 * 8.14.0 ≤ version < 8.20.6 * 8.21.0 ≤ version < 8.22.1 * 8.23.0 ≤ version < 9.0.0 *Fixed versions:* * 8.13.19 * 8.20.6 * 8.22.1 * 9.0.0 |
Description |
Original:
Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package.
The affected versions of Atlassian Jira Service Management Server and Data Center are 8.22.0, 8.20.5, 8.13.18 *Affected versions:* * 8.22.0, 8.20.5, 8.13.18 *Fixed versions:* * {color:#172b4d}8.13.19, 8.20.6, 8.22.1, 9.0.0{color} |
New:
Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package.
The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:* * version < 8.13.19 * 8.14.0 ≤ version < 8.20.6 * 8.21.0 ≤ version < 8.22.1 * 8.23.0 ≤ version < 9.0.0 *Fixed versions:* * 8.13.19 * 8.20.6 * 8.22.1 * 9.0.0 |
Summary | Original: Denial of service attacks due to use of vulnerable version of | New: Denial of service attacks due to use of vulnerable version of apache-commons-compress package |
Summary | Original: CVE-2021-36090 - Apache Commons compress vulnerability | New: Denial of service attacks due to use of vulnerable version of |
Description |
Original:
Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package.
The affected versions of Atlassian Jira Service Management Server and Data Center are 8.22.0, 8.20.5, 8.13.18 *Affected versions:* * 8.22.0, 8.20.5, 8.13.18 *Fixed versions:* * {color:#172b4d}8.13.19, 8.20.6, 8.22.1, 9.0.0{color} |
New:
Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package.
The affected versions of Atlassian Jira Service Management Server and Data Center are 8.22.0, 8.20.5, 8.13.18 *Affected versions:* * 8.22.0, 8.20.5, 8.13.18 *Fixed versions:* * {color:#172b4d}8.13.19, 8.20.6, 8.22.1, 9.0.0{color} |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allows other low privilege employees to see admin credentials via information leakage in the API \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> response.
The affected versions of Atlassian Jira Service Management Server and Data Center are before version 4.20.4. *Affected versions:* * 8.22.0, 8.20.5, 8.13.18 *Fixed versions:* * |
New:
Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package.
The affected versions of Atlassian Jira Service Management Server and Data Center are 8.22.0, 8.20.5, 8.13.18 *Affected versions:* * 8.22.0, 8.20.5, 8.13.18 *Fixed versions:* * {color:#172b4d}8.13.19, 8.20.6, 8.22.1, 9.0.0{color} |