{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder Cross-Site-Scripting-Angriffe durchzuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1229 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1229.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1229 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1229" }, { "category" : "external", "summary" : "Atlassian Security Bulletin - April 21 2026 vom 2026-04-21", "url" : "https://confluence.atlassian.com/security/security-bulletin-april-21-2026-1770913890.html" } ], "source_lang" : "en-US", "title" : "Atlassian Bamboo, Bitbucket, Confluence, Jira: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-04-21T22:00:00.000+00:00", "generator" : { "date" : "2026-04-22T10:29:08.013+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-1229", "initial_release_date" : "2026-04-21T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-04-21T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<12.1.6", "product" : { "name" : "Atlassian Bamboo <12.1.6", "product_id" : "T053202" } }, { "category" : "product_version", "name" : "12.1.6", "product" : { "name" : "Atlassian Bamboo 12.1.6", "product_id" : "T053202-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bamboo:12.1.6" } } }, { "category" : "product_version_range", "name" : "<10.2.18", "product" : { "name" : "Atlassian Bamboo <10.2.18", "product_id" : "T053203" } }, { "category" : "product_version", "name" : "10.2.18", "product" : { "name" : "Atlassian Bamboo 10.2.18", "product_id" : "T053203-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bamboo:10.2.18" } } } ], "category" : "product_name", "name" : "Bamboo" }, { "branches" : [ { "category" : "product_version_range", "name" : "<10.2.2", "product" : { "name" : "Atlassian Bitbucket <10.2.2", "product_id" : "T053207" } }, { "category" : "product_version", "name" : "10.2.2", "product" : { "name" : "Atlassian Bitbucket 10.2.2", "product_id" : "T053207-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bitbucket:10.2.2" } } }, { "category" : "product_version_range", "name" : "<9.4.19", "product" : { "name" : "Atlassian Bitbucket <9.4.19", "product_id" : "T053209" } }, { "category" : "product_version", "name" : "9.4.19", "product" : { "name" : "Atlassian Bitbucket 9.4.19", "product_id" : "T053209-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bitbucket:9.4.19" } } } ], "category" : "product_name", "name" : "Bitbucket" }, { "branches" : [ { "category" : "product_version_range", "name" : "<10.2.10", "product" : { "name" : "Atlassian Confluence <10.2.10", "product_id" : "T053211" } }, { "category" : "product_version", "name" : "10.2.10", "product" : { "name" : "Atlassian Confluence 10.2.10", "product_id" : "T053211-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:confluence:10.2.10" } } }, { "category" : "product_version_range", "name" : "<9.2.19", "product" : { "name" : "Atlassian Confluence <9.2.19", "product_id" : "T053213" } }, { "category" : "product_version", "name" : "9.2.19", "product" : { "name" : "Atlassian Confluence 9.2.19", "product_id" : "T053213-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:confluence:9.2.19" } } } ], "category" : "product_name", "name" : "Confluence" }, { "branches" : [ { "category" : "product_version_range", "name" : "<11.3.4", "product" : { "name" : "Atlassian Jira <11.3.4", "product_id" : "T053215" } }, { "category" : "product_version", "name" : "11.3.4", "product" : { "name" : "Atlassian Jira 11.3.4", "product_id" : "T053215-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:jira:11.3.4" } } }, { "category" : "product_version_range", "name" : "<10.3.19", "product" : { "name" : "Atlassian Jira <10.3.19", "product_id" : "T053216" } }, { "category" : "product_version", "name" : "10.3.19", "product" : { "name" : "Atlassian Jira 10.3.19", "product_id" : "T053216-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:jira:10.3.19" } } }, { "category" : "product_version_range", "name" : "Service Management <11.3.4", "product" : { "name" : "Atlassian Jira Service Management <11.3.4", "product_id" : "T053218" } }, { "category" : "product_version", "name" : "Service Management 11.3.4", "product" : { "name" : "Atlassian Jira Service Management 11.3.4", "product_id" : "T053218-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:jira:service_management__11.3.4" } } }, { "category" : "product_version_range", "name" : "Service Management <10.3.19", "product" : { "name" : "Atlassian Jira Service Management <10.3.19", "product_id" : "T053221" } }, { "category" : "product_version", "name" : "Service Management 10.3.19", "product" : { "name" : "Atlassian Jira Service Management 10.3.19", "product_id" : "T053221-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:jira:service_management__10.3.19" } } } ], "category" : "product_name", "name" : "Jira" } ], "category" : "vendor", "name" : "Atlassian" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2021-0341", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2021-0341" }, { "cve" : "CVE-2021-31597", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2021-31597" }, { "cve" : "CVE-2022-1471", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2022-1471" }, { "cve" : "CVE-2022-25927", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2022-25927" }, { "cve" : "CVE-2023-1370", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2023-1370" }, { "cve" : "CVE-2023-3635", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2023-3635" }, { "cve" : "CVE-2023-48631", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2023-48631" }, { "cve" : "CVE-2024-29371", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2024-29371" }, { "cve" : "CVE-2024-45801", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2024-45801" }, { "cve" : "CVE-2024-47875", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2024-47875" }, { "cve" : "CVE-2025-48734", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2025-48734" }, { "cve" : "CVE-2025-66020", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2025-66020" }, { "cve" : "CVE-2026-21571", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-21571" }, { "cve" : "CVE-2026-22029", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-22029" }, { "cve" : "CVE-2026-23745", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-23745" }, { "cve" : "CVE-2026-23950", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-23950" }, { "cve" : "CVE-2026-24734", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-24734" }, { "cve" : "CVE-2026-24842", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-24842" }, { "cve" : "CVE-2026-24880", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-24880" }, { "cve" : "CVE-2026-25547", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-25547" }, { "cve" : "CVE-2026-25639", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-25639" }, { "cve" : "CVE-2026-26960", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-26960" }, { "cve" : "CVE-2026-29063", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-29063" }, { "cve" : "CVE-2026-31802", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-31802" }, { "cve" : "CVE-2026-33870", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-33870" }, { "cve" : "CVE-2026-33871", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-33871" }, { "cve" : "CVE-2026-34487", "product_status" : { "known_affected" : [ "T053221", "T053209", "T053207", "T053218", "T053215", "T053216", "T053202", "T053213", "T053203", "T053211" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-34487" } ] }