How to find Atlassian products on your network

Latest Atlassian vulnerabilities #

Atlassian issued a security bulletin for high and critical vulnerabilities found within third-party dependencies used within their products. The affected products include: Bamboo, Bitbucket, Confluence, Crowd, and JIRA.

Three of the critical vulnerabilities were found within the embedded Apache Tomcat web server. The first two: CVE-2024-50379,  CVE-2024-56337 with a CVSS score of 9.8, affects Confluence Data Center and Server as well as Crowd Data Center and Server with the potential for a remote attacker to execute arbitrary code. CVE-2024-52316, also with a CVSS score of 9.8, affects Crowd Data Center and Server, potentially allows for an authentication bypass by a remote attacker.

One high vulnerability found within the protocol buffer library CVE-2024-7254, with a CVSS score of 8.7, affects Bamboo Data Center and Server in addition to Jira Data Center and Server, potentially leading to a denial of service (DoS).

Another high vulnerability found with the Avro serialization library CVE-2024-47561, with a CVSS score of 7.3, affects Bitbucket Data Center and Server potentially allowing for a remote attacker to execute arbitrary code.

What is the impact? #

Bamboo, Crowd, and JIRA are vulnerable to denial of service vulnerabilities. Bitbucket, Confluence, and Crowd are vulnerable to unauthenticated remote execution of arbitrary code by a remote attacker. Crowd is also vulnerable to a broken authentication vulnerability.

Atlassian has indicated that there are no known active exploitations of the of the vulnerabilities. However, they recommend updating to the latest software revisions as soon as possible.

Are updates available? #

Updates are available and detailed within the security bulletin.

How do I find potentially vulnerable instances with runZero? #

From the Service Inventory, use the following query to locate systems running potentially vulnerable software:

(product:confluence OR (_asset.protocol:http AND protocol:http AND has:http.head.xConfluenceRequestTime)) OR (product:bamboo OR (_asset.protocol:http AND protocol:http AND _service.favicon.ico.image.mmh3:=-1379982221)) OR (product:bitbucket OR (_asset.protocol:http AND protocol:http AND _service.favicon.ico.image.mmh3:=667017222)) OR (product:crowd OR (_asset.protocol:http AND protocol:http AND _service.favicon.ico.image.mmh3:=-1231308448)) OR (product:jira OR (_asset.protocol:http AND protocol:http AND (_service.favicon.ico.image.mmh3:=628535358 OR _service.favicon.ico.image.mmh3:=855273746)))