Atlassian Security

Security in Atlassian products

You can find information about how Atlassian handles trust and security at https://www.atlassian.com/trust. If you are looking to report a security issue to us, please see https://www.atlassian.com/trust/security/report-a-vulnerability

Security Advisories & Bulletins

Atlassian publishes security advisories and bulletins at https://www.atlassian.com/trust/security/advisories.

To be notified by email when new advisories or bulletins are published go to https://my.atlassian.com/email and subscribe to Tech Alerts emails.

Articles

Announcement: Planned changes to the Security Bug Fix Policy
Security Advisories & Bulletins
- Security Bulletin - April 16 2024
- Security Bulletin - March 19 2024
- Security Bulletin - February 20 2024
- Security Bulletin - January 16 2024
- January 2024: Security Advisories Overview
- Security Bulletin - December 12 2023
- December 2023: Security Advisories Overview
- Security Bulletin - November 21 2023
- Security Bulletin - October 17 2023
- Security Bulletin - September 19 2023
- Security Bulletin - August 15 2023
- Security Bulletin - July 18 2023
- CVE-2019-13990 - XXE (XML External Entity Injection) Vulnerability In Jira Service Management Data Center and Jira Service Management Server
- CVE-2022-1471 - SnakeYAML library RCE Vulnerability impacts Multiple Products
- CVE-2023-22522 - RCE Vulnerability In Confluence Data Center and Confluence Server
- CVE-2023-22523 - RCE Vulnerability in Assets Discovery
- CVE-2023-22524 - RCE Vulnerability in Atlassian Companion App for MacOS
- CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server
November 2023: Security Advisories Overview
October 2023: Security Advisories Overview
January 2023: Security Advisories Overview
November 2022: Atlassian Security Advisories Overview
August 2022: Atlassian Security Advisories Overview
July 2022: Atlassian Security Advisories Overview
Multiple Products Security Advisory - Unrendered unicode bidirectional override characters - CVE-2021-42574
CVE-2021-42574 - Unrendered unicode bidirectional override characters in Cloud sites
Atlassian Products & Services and CVE-2018-11235 & CVE-2018-11233
CVE-2019-20903 - XSS in atlaskit/editor-core
CVE-2021-26073 - Broken authentication in Atlassian Connect Express (ACE)
CVE-2021-26074 - Broken authentication in Atlassian Connect Spring Boot (ACSB)
CVE-2021-26077 - Broken authentication in Atlassian Connect Spring Boot (ACSB)
Local Privilege Escalation via DLL Hijack in Confluence Server on Windows Installations
Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228
Multiple Products Security Advisory - Hazelcast Vulnerable To Remote Code Execution - CVE-2016-10750, CVE-2022-26133
Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137
Multiple Products Security Advisory - Git Buffer Overflow - CVE-2022-41903, CVE-2022-23521
CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server
CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server
CVE-2023-46604 - Apache ActiveMQ RCE Vulnerability impacts Bamboo Data Center and Server

Products

Jira Software

Jira Service Management

Jira Work Management

Confluence

Bitbucket

Resources

Documentation

Community

System Status

Suggestions and bugs

Marketplace

Billing and licensing

Security in Atlassian products

Security Advisories & Bulletins

Articles

Page

Viewport

Confluence

Atlassian Security

Security in Atlassian products

Security Advisories & Bulletins

Articles