{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nCrucible ist eine Code-Review-Lösung für Unternehmensteams.\r\nFisheye ist ein Quellcode-Repository-Browser für Unternehmensteams. \r\nJira ist eine Webanwendung zur Softwareentwicklung.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1608 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1608.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1608 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1608" }, { "category" : "external", "summary" : "Atlassian Security Bulletin Mai vom 2026-05-19", "url" : "https://confluence.atlassian.com/security/security-bulletin-may-19-2026-1786839142.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:19098 vom 2026-05-20", "url" : "https://access.redhat.com/errata/RHSA-2026:19098" } ], "source_lang" : "en-US", "title" : "Atlassian Produkte (Bamboo, Bitbucket, Confluence, Crucible, Fisheye und Jira): Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-05-20T22:00:00.000+00:00", "generator" : { "date" : "2026-05-21T07:35:45.292+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1608", "initial_release_date" : "2026-05-19T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-05-19T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-05-20T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Red Hat aufgenommen" } ], "status" : "final", "version" : "2" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "Data Center LTS <12.1.7", "product" : { "name" : "Atlassian Bamboo Data Center LTS <12.1.7", "product_id" : "T054387" } }, { "category" : "product_version", "name" : "Data Center LTS 12.1.7", "product" : { "name" : "Atlassian Bamboo Data Center LTS 12.1.7", "product_id" : "T054387-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bamboo:data_center_lts__12.1.7" } } }, { "category" : "product_version_range", "name" : "Data Center LTS <10.2.19", "product" : { "name" : "Atlassian Bamboo Data Center LTS <10.2.19", "product_id" : "T054388" } }, { "category" : "product_version", "name" : "Data Center LTS 10.2.19", "product" : { "name" : "Atlassian Bamboo Data Center LTS 10.2.19", "product_id" : "T054388-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bamboo:data_center_lts__10.2.19" } } }, { "category" : "product_version_range", "name" : "Data Center LTS <9.6.26", "product" : { "name" : "Atlassian Bamboo Data Center LTS <9.6.26", "product_id" : "T054389" } }, { "category" : "product_version", "name" : "Data Center LTS 9.6.26", "product" : { "name" : "Atlassian Bamboo Data Center LTS 9.6.26", "product_id" : "T054389-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bamboo:data_center_lts__9.6.26" } } } ], "category" : "product_name", "name" : "Bamboo" }, { "branches" : [ { "category" : "product_version_range", "name" : "Data Center LTS <10.2.2", "product" : { "name" : "Atlassian Bitbucket Data Center LTS <10.2.2", "product_id" : "T054391" } }, { "category" : "product_version", "name" : "Data Center LTS 10.2.2", "product" : { "name" : "Atlassian Bitbucket Data Center LTS 10.2.2", "product_id" : "T054391-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bitbucket:data_center_lts__10.2.2" } } }, { "category" : "product_version_range", "name" : "Data Center LTS <9.4.19", "product" : { "name" : "Atlassian Bitbucket Data Center LTS <9.4.19", "product_id" : "T054392" } }, { "category" : "product_version", "name" : "Data Center LTS 9.4.19", "product" : { "name" : "Atlassian Bitbucket Data Center LTS 9.4.19", "product_id" : "T054392-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:bitbucket:data_center_lts__9.4.19" } } } ], "category" : "product_name", "name" : "Bitbucket" }, { "branches" : [ { "category" : "product_version_range", "name" : "Data Center LTS <10.2.11", "product" : { "name" : "Atlassian Confluence Data Center LTS <10.2.11", "product_id" : "T054393" } }, { "category" : "product_version", "name" : "Data Center LTS 10.2.11", "product" : { "name" : "Atlassian Confluence Data Center LTS 10.2.11", "product_id" : "T054393-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:confluence:data_center_lts__10.2.11" } } }, { "category" : "product_version_range", "name" : "Data Center LTS <9.2.20", "product" : { "name" : "Atlassian Confluence Data Center LTS <9.2.20", "product_id" : "T054394" } }, { "category" : "product_version", "name" : "Data Center LTS 9.2.20", "product" : { "name" : "Atlassian Confluence Data Center LTS 9.2.20", "product_id" : "T054394-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:confluence:data_center_lts__9.2.20" } } } ], "category" : "product_name", "name" : "Confluence" }, { "branches" : [ { "category" : "product_version_range", "name" : "<4.9.10", "product" : { "name" : "Atlassian Crucible <4.9.10", "product_id" : "T054395" } }, { "category" : "product_version", "name" : "4.9.10", "product" : { "name" : "Atlassian Crucible 4.9.10", "product_id" : "T054395-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:crucible:4.9.10" } } } ], "category" : "product_name", "name" : "Crucible" }, { "branches" : [ { "category" : "product_version_range", "name" : "<4.9.10", "product" : { "name" : "Atlassian Fisheye <4.9.10", "product_id" : "T054396" } }, { "category" : "product_version", "name" : "4.9.10", "product" : { "name" : "Atlassian Fisheye 4.9.10", "product_id" : "T054396-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:fisheye:4.9.10" } } } ], "category" : "product_name", "name" : "Fisheye" }, { "branches" : [ { "category" : "product_version_range", "name" : "Data Center LTS <11.3.5", "product" : { "name" : "Atlassian Jira Data Center LTS <11.3.5", "product_id" : "T054397" } }, { "category" : "product_version", "name" : "Data Center LTS 11.3.5", "product" : { "name" : "Atlassian Jira Data Center LTS 11.3.5", "product_id" : "T054397-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:jira:data_center_lts__11.3.5" } } }, { "category" : "product_version_range", "name" : "Data Center LTS <10.3.20", "product" : { "name" : "Atlassian Jira Data Center LTS <10.3.20", "product_id" : "T054398" } }, { "category" : "product_version", "name" : "Data Center LTS 10.3.20", "product" : { "name" : "Atlassian Jira Data Center LTS 10.3.20", "product_id" : "T054398-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:jira:data_center_lts__10.3.20" } } }, { "category" : "product_version_range", "name" : "LTS <9.12.35", "product" : { "name" : "Atlassian Jira LTS <9.12.35", "product_id" : "T054399" } }, { "category" : "product_version", "name" : "LTS 9.12.35", "product" : { "name" : "Atlassian Jira LTS 9.12.35", "product_id" : "T054399-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:atlassian:jira:lts__9.12.35" } } } ], "category" : "product_name", "name" : "Jira" } ], "category" : "vendor", "name" : "Atlassian" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2019-13990", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2019-13990" }, { "cve" : "CVE-2022-1471", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2022-1471" }, { "cve" : "CVE-2022-23521", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2022-23521" }, { "cve" : "CVE-2022-41903", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2022-41903" }, { "cve" : "CVE-2023-22518", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2023-22518" }, { "cve" : "CVE-2023-22522", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2023-22522" }, { "cve" : "CVE-2023-22523", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2023-22523" }, { "cve" : "CVE-2023-22524", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2023-22524" }, { "cve" : "CVE-2023-22527", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2023-22527" }, { "cve" : "CVE-2023-24998", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2023-24998" }, { "cve" : "CVE-2023-46604", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2023-46604" }, { "cve" : "CVE-2024-45801", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2024-45801" }, { "cve" : "CVE-2025-52999", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2025-52999" }, { "cve" : "CVE-2025-67030", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2025-67030" }, { "cve" : "CVE-2026-22029", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-22029" }, { "cve" : "CVE-2026-22732", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-22732" }, { "cve" : "CVE-2026-24734", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-24734" }, { "cve" : "CVE-2026-24880", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-24880" }, { "cve" : "CVE-2026-25639", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-25639" }, { "cve" : "CVE-2026-26960", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-26960" }, { "cve" : "CVE-2026-27727", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-27727" }, { "cve" : "CVE-2026-27830", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-27830" }, { "cve" : "CVE-2026-29062", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-29062" }, { "cve" : "CVE-2026-29129", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-29129" }, { "cve" : "CVE-2026-29145", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-29145" }, { "cve" : "CVE-2026-29146", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-29146" }, { "cve" : "CVE-2026-29786", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-29786" }, { "cve" : "CVE-2026-31802", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-31802" }, { "cve" : "CVE-2026-33750", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-33750" }, { "cve" : "CVE-2026-34483", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-34483" }, { "cve" : "CVE-2026-34487", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-34487" }, { "cve" : "CVE-2026-39304", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-39304" }, { "cve" : "CVE-2026-42198", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-42198" }, { "cve" : "CVE-2026-5598", "product_status" : { "known_affected" : [ "T054387", "T054398", "T054397", "T054396", "T054395", "T054394", "67646", "T054393", "T054392", "T054391", "T054389", "T054388", "T054399" ] }, "release_date" : "2026-05-19T22:00:00.000+00:00", "title" : "CVE-2026-5598" } ] }