Atlassian Security
Security in Atlassian products
You can find information about how Atlassian handles trust and security at https://www.atlassian.com/trust. To report a security issue to us, please see https://www.atlassian.com/trust/security/report-a-vulnerability.
Security Advisories & Bulletins
Atlassian publishes security advisories and bulletins at https://www.atlassian.com/trust/security/advisories.
To be notified by email when new advisories or bulletins are published, go to https://my.atlassian.com/email and subscribe to Tech Alerts emails.
Articles
- Announcement: Planned changes to the Security Bug Fix Policy
- Security Advisories & Bulletins
- Security Bulletin - April 16 2024
- Security Bulletin - March 19 2024
- Security Bulletin - February 20 2024
- Security Bulletin - January 16 2024
- January 2024: Security Advisories Overview
- Security Bulletin - December 12 2023
- December 2023: Security Advisories Overview
- Security Bulletin - November 21 2023
- Security Bulletin - October 17 2023
- Security Bulletin - September 19 2023
- Security Bulletin - August 15 2023
- Security Bulletin - July 18 2023
- CVE-2019-13990 - XXE (XML External Entity Injection) Vulnerability In Jira Service Management Data Center and Jira Service Management Server
- CVE-2022-1471 - SnakeYAML library RCE Vulnerability impacts Multiple Products
- CVE-2023-22522 - RCE Vulnerability In Confluence Data Center and Confluence Server
- CVE-2023-22523 - RCE Vulnerability in Assets Discovery
- CVE-2023-22524 - RCE Vulnerability in Atlassian Companion App for MacOS
- CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server
- November 2023: Security Advisories Overview
- October 2023: Security Advisories Overview
- January 2023: Security Advisories Overview
- November 2022: Atlassian Security Advisories Overview
- August 2022: Atlassian Security Advisories Overview
- July 2022: Atlassian Security Advisories Overview
- Multiple Products Security Advisory - Unrendered unicode bidirectional override characters - CVE-2021-42574
- CVE-2021-42574 - Unrendered unicode bidirectional override characters in Cloud sites
- Atlassian Products & Services and CVE-2018-11235 & CVE-2018-11233
- CVE-2019-20903 - XSS in atlaskit/editor-core
- CVE-2021-26073 - Broken authentication in Atlassian Connect Express (ACE)
- CVE-2021-26074 - Broken authentication in Atlassian Connect Spring Boot (ACSB)
- CVE-2021-26077 - Broken authentication in Atlassian Connect Spring Boot (ACSB)
- Local Privilege Escalation via DLL Hijack in Confluence Server on Windows Installations
- Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228
- Multiple Products Security Advisory - Hazelcast Vulnerable To Remote Code Execution - CVE-2016-10750, CVE-2022-26133
- Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137
- Multiple Products Security Advisory - Git Buffer Overflow - CVE-2022-41903, CVE-2022-23521
- CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server
- CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server
- CVE-2023-46604 - Apache ActiveMQ RCE Vulnerability impacts Bamboo Data Center and Server