[CIAD-2025-0045] Multiple Vulnerabilities in Atlassian Products

Published On: November 21, 2025

Multiple Vulnerabilities in Atlassian Products
Indian - Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: Critical
Systems Affected
· Bitbucket Data Center and Server
· Confluence Data Center and Server
· Jira Data Center and Server
· Jira Service Management Data Center and Server
Overview
Multiple vulnerabilities have been reported in Atlassian products which could allow an attacker to execute arbitrary code, perform command injection, exploit prototype pollution, open redirect, cryptographic failure, path traversal and improper authorization weaknesses, carry out SSRF (server-side request forgery) attacks, obtain sensitive information and cause a Denial of Service (DoS) condition on the targeted system.
Target Audience:
Individuals and organisational users of the above-mentioned Atlassian products.
Risk Assessment:
High risk of Remote Code Execution (RCE), SSRF (Server-Side Request Forgery) and DoS (Denial of Service).
Impact Assessment:
Potential for unauthorized access to sensitive data or service disruption.
Description
Atlassian products are used by software development teams, IT operations, project management professionals and business teams. Some of the key products in the Atlassian suite include Bitbucket, Jira and Confluence.
Multiple vulnerabilities have been reported in various Atlassian Products:
Solution
Apply the appropriate updates as mentioned in the Atlassian security bulletin: https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html
References
Atlassian
https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html
 
CVE Name
CVE-2024-38999
CVE-2016-1000027
CVE-2023-42282
CVE-2023-45133
CVE-2025-48734
CVE-2025-55163
CVE-2024-25710
CVE-2024-29415
CVE-2024-22259
CVE-2024-21538
CVE-2023-52428
CVE-2024-45590
CVE-2021-3803
CVE-2022-31129
CVE-2021-3807
CVE-2024-4068
CVE-2022-24785
CVE-2021-33587
CVE-2025-41248
CVE-2022-24772
CVE-2024-38819
CVE-2022-24771
CVE-2025-22228
CVE-2020-8203
CVE-2020-28471
CVE-2025-22235
CVE-2023-26159
CVE-2021-23337
CVE-2022-46175
CVE-2025-48387
CVE-2025-22166
CVE-2024-37890
CVE-2022-38900
CVE-2024-45296
CVE-2025-48976
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003