—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Atlassian Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: High

Software Affected

Bamboo Data Center and Server prior to 12.1.7 (LTS) recommended Data Center Only

Bamboo Data Center and Server prior to 10.2.19 (LTS) recommended Data Center Only

Bamboo Data Center and Server prior to 9.6.26 (LTS) recommended Data Center Only

Bitbucket Data Center and Server prior to 10.2.2¿10.2.3 (LTS) recommended Data Center Only

Bitbucket Data Center and Server prior to 9.4.19¿9.4.20 (LTS) Data Center Only

Confluence Data Center and Server prior to 10.2.11 recommended Data Center Only

Confluence Data Center and Server prior to 9.2.20 (LTS)  recommended Data Center Only

Fisheye/Crucible prior to 4.9.10

Jira Data Center and Server prior to 11.3.6 (LTS) recommended Data Center Only

Jira Data Center and Server prior to 10.3.21 (LTS) Data Center Only

Jira Data Center and Server prior to 9.12.35 (LTS) recommended Data Center Only

Jira Service Management Data Center and Server prior to 11.3.6 (LTS) Data Center Only

Jira Service Management Data Center and Server prior to 10.3.21 (LTS) Data Center Only

Overview

Multiple vulnerabilities have been reported in Atlassian products which could be exploited by an attacker to perform remote code execution, disclose sensitive information, conduct directory traversal, inject malicious code, perform HTTP request/response smuggling, include unauthorized files, perform cross-site scripting (XSS), exploit security misconfigurations, bypass authentication/session protections, or cause denial of service (DoS) conditions on the targeted system.

Target Audience:

All end-users of organizations using Atlassian products.

Risk Assessment:

High risk unauthorized access to sensitive data and system instability.

Impact Assessment:

Potential for access to sensitive data and system instability.

Description

Multiple Vulnerabilities existed in Atlassian products.

 

Solution

Apply appropriate updates as mentioned in the Atlassian Security Bulletin  

https://confluence.atlassian.com/security/security-bulletin-may-19-2026-1786839142.html

Vendor Information

Atlassian

https://confluence.atlassian.com/security/security-bulletin-may-19-2026-1786839142.html

References

Atlassian

https://confluence.atlassian.com/security/security-bulletin-may-19-2026-1786839142.html

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoUYjAACgkQ3jCgcSdc

ys+7HhAAo/OkIRgnsqAe6f1yZO8VloLKlly3pfU2nQ6HsxeYN8OlIG980wh8/Rrz

GDyij/jJ37ZltXbLKGo6q8v1R87xzhsvfHAOmxATfRhGBPlUMsknH2oxudo0wxHe

WbsG1nuTKxRg0LrNsF7A26O2VSYyCi+oTQuW2L/NK4QzIFUGnlptMKF+n2qZBCNK

U1z/nbXkrBij9IqjsIf5jwyf6viXwEWAljLZaHW3W+h7ZYKYBOtV6iVn6kyZAb5L

wo9uP33D5vT48Ix19Khu3vmR4jG3g2IT/9ktXAC1as9b2wGoMDYBaaY7jZ5V+G66

U3IWfavyNGiLA50upYO2JHRXRRtHniOHI2vRCySddm8B4ixsNWW4GcseahJ9PL10

8Q82oXbDCZ0/DYVNMjSKdih4osdP3jHpG/5uy2sqAIb+JwaPHXCJAu9P2Fs2MWAM

s6elU6N8XOkxO6ZstZSQAnRq96gAdq4fff+FdFLeITJRBV5M+7v0EO1DbWs7TACh

xLnYm37HdjCiiJG6kDIclEkrf8vT1ddpW+vHai48up0RgMGXJWmr8gZq2s5PxIIV

DHjoBTV8KEP8BkJI2HXVL/5BgUNZ2VKQQQHEm1m0npyyllv2vA3S3uu+41TDVc+u

kPDTAOes1fpM5bjQvVRnyEpXQamh9PAovaLcJy8mMeABHgechK0=

=wzbr

—–END PGP SIGNATURE—–