Atlassian Security

Security in Atlassian products

You can find information about how Atlassian handles trust and security at https://www.atlassian.com/trust. If you are looking to report a security issue to us, please see https://www.atlassian.com/trust/security/report-a-vulnerability

Security Advisories

Atlassian publishes security advisories at https://www.atlassian.com/trust/security/advisories.

To be notified by email when new advisories are published go to https://my.atlassian.com/email and subscribe to Tech Alerts emails.

Articles

• Multiple Products Security Advisory - Unrendered unicode bidirectional override characters - CVE-2021-42574
• CVE-2021-42574 - Unrendered unicode bidirectional override characters in Cloud sites
• Atlassian Products & Services and CVE-2018-11235 & CVE-2018-11233
• CVE-2019-20903 - XSS in atlaskit/editor-core
• CVE-2021-26073 - Broken authentication in Atlassian Connect Express (ACE)
• CVE-2021-26074 - Broken authentication in Atlassian Connect Spring Boot (ACSB)
• CVE-2021-26077 - Broken authentication in Atlassian Connect Spring Boot (ACSB)
• Local Privilege Escalation via DLL Hijack in Confluence Server on Windows Installations
• Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228
• Multiple Products Security Advisory - Hazelcast Vulnerable To Remote Code Execution - CVE-2016-10750, CVE-2022-26133
• Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137
• July 2022: Atlassian Security Advisories Overview
• August 2022: Atlassian Security Advisories Overview
• November 2022: Atlassian Security Advisories Overview
• Multiple Products Security Advisory - Git Buffer Overflow - CVE-2022-41903, CVE-2022-23521
• January 2023: Security Advisories Overview
• Public Security Advisories