after a thorough analysis, we recommend installing a minor update to the affected systems Jira Core & Jira Service Management and consider the update for Bamboo, Confluence, Jira Software & Fisheye/Crucible to be optional. We assessed the risk for Jira Core and Jira Service Management as "medium to high" and for Bamboo, Confluence, Jira Software & Fisheye/Crucible as "low".
Additional information: * The fixed version of Jira 10.3 was released in March and has already been applied to many systems. * The fixed version of Jira 9.12 was released in April and has already been applied to many systems.
If we are hosting your systems or proactively update your applications, we will directly communicate any information via the opened tickets (which have been created in the meantime) in our service center.
This incident affected: Atlassian-Security (Security Status Bamboo, Security Status Confluence, Security Status Crucible/Fisheye, Security Status Jira).