• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.20.6, 8.13.19, 8.22.1, 9.0.0
• Affects Version/s: 8.22.0, 8.20.5, 8.13.18
• Component/s: Security
• Labels:

  • advisory
  • advisory-released
  • dont-import
  • security
  • 🔢✅

[JRASERVER-73304] Denial of service attacks due to use of vulnerable version of apache-commons-compress package

Collapse comment: said kouzibry added a comment - 26/Dec/2022 1:43 PM

said kouzibry added a comment - 26/Dec/2022 1:43 PM

Is there a CVE ID available for this vulnerability ?

Expand comment: said kouzibry added a comment - 26/Dec/2022 1:43 PM

said kouzibry added a comment - 26/Dec/2022 1:43 PM Is there a CVE ID available for this vulnerability ?

Manisha Sangwan made changes - 04/Oct/2022 6:24 AM

Resolution		New: Fixed [ 1 ]
Security	Original: Atlassian Staff [ 10750 ]
Status	Original: Draft [ 12872 ]	New: Published [ 12873 ]

Sen Geronimo made changes - 04/Oct/2022 6:24 AM

Component/s

New: Security [ 68109 ]

Manisha Sangwan made changes - 04/Oct/2022 6:24 AM

Labels

Original: advisory advisory-to-release dont-import security 🔢✅

New: advisory advisory-released dont-import security 🔢✅

Manisha Sangwan made changes - 29/Sep/2022 6:37 AM

Description

Original: Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform a denial of service attack against services that use the apache-commons-compress package. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:*  * version < 8.13.19  * 8.14.0 ≤ version < 8.20.6  * 8.21.0 ≤ version < 8.22.1  * 8.23.0 ≤ version < 9.0.0 *Fixed versions:*  * 8.13.19  * 8.20.6  * 8.22.1  * 9.0.0

New: Affected versions of Atlassian Jira Service Server and Data Center allow an unauthenticated attacker to perform a denial of service attack against services that use the apache-commons-compress package. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:*  * version < 8.13.19  * 8.14.0 ≤ version < 8.20.6  * 8.21.0 ≤ version < 8.22.1  * 8.23.0 ≤ version < 9.0.0 *Fixed versions:*  * 8.13.19  * 8.20.6  * 8.22.1  * 9.0.0

Manisha Sangwan made changes - 29/Sep/2022 6:06 AM

Description

Original: Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:*  * version < 8.13.19  * 8.14.0 ≤ version < 8.20.6  * 8.21.0 ≤ version < 8.22.1  * 8.23.0 ≤ version < 9.0.0 *Fixed versions:*  * 8.13.19  * 8.20.6  * 8.22.1  * 9.0.0

New: Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform a denial of service attack against services that use the apache-commons-compress package. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:*  * version < 8.13.19  * 8.14.0 ≤ version < 8.20.6  * 8.21.0 ≤ version < 8.22.1  * 8.23.0 ≤ version < 9.0.0 *Fixed versions:*  * 8.13.19  * 8.20.6  * 8.22.1  * 9.0.0

AB made changes - 29/Sep/2022 2:31 AM

Description

Original: Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package. The affected versions of Atlassian Jira Service Management Server and Data Center are 8.22.0, 8.20.5, 8.13.18 *Affected versions:*  * 8.22.0, 8.20.5, 8.13.18 *Fixed versions:*  * {color:#172b4d}8.13.19, 8.20.6, 8.22.1, 9.0.0{color}

New: Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:*  * version < 8.13.19  * 8.14.0 ≤ version < 8.20.6  * 8.21.0 ≤ version < 8.22.1  * 8.23.0 ≤ version < 9.0.0 *Fixed versions:*  * 8.13.19  * 8.20.6  * 8.22.1  * 9.0.0

Manisha Sangwan made changes - 28/Sep/2022 12:15 PM

Summary

Original:  Denial of service attacks due to use of vulnerable version of

New:  Denial of service attacks due to use of vulnerable version of apache-commons-compress package

Manisha Sangwan made changes - 28/Sep/2022 12:14 PM

Summary

Original: CVE-2021-36090 - Apache Commons compress vulnerability

New:  Denial of service attacks due to use of vulnerable version of

Manisha Sangwan made changes - 28/Sep/2022 12:12 PM

Description

Original: Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package. The affected versions of Atlassian Jira Service Management Server and Data Center are 8.22.0, 8.20.5, 8.13.18 *Affected versions:*  * 8.22.0, 8.20.5, 8.13.18 *Fixed versions:*  * {color:#172b4d}8.13.19, 8.20.6, 8.22.1, 9.0.0{color}

New: Affected versions of Atlassian Jira Service Server and Data Center allow an attacker to perform denial of service attack against services that use apache-commons-compress package. The affected versions of Atlassian Jira Service Management Server and Data Center are 8.22.0, 8.20.5, 8.13.18 *Affected versions:*  * 8.22.0, 8.20.5, 8.13.18 *Fixed versions:*  * {color:#172b4d}8.13.19, 8.20.6, 8.22.1, 9.0.0{color}

Load more older events