Covert timing channel vulnerability at Bouncy Castle dependency at Crucible Server
Summary
Covert timing channel vulnerability at Bouncy Castle dependency at Crucible Server
Body
This High severity Covert timing channel vulnerability was introduced in version 4.9.0 of Crucible Server.

Atlassian recommends that Crucible Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

- Crucible Data Center and Server 4.9: Upgrade to a release greater than or equal to 4.9.10

See the release notes (https://confluence.atlassian.com/crucible/crucible-releases-298977378.html). You can download the latest version of Crucible Data Center and Server from the download center (https://www.atlassian.com/software/crucible/download-archives).

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.84.

Additional details:

Type: Public Security Vulnerability
Resolution: Fixed
Priority: High
Fix Version/s: 4.9.10
Affects Version/s: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9
Component/s: None
Labels: advisory advisory-to-release dont-import security
CVSS Score: 8.9
CVSS Severity: High
CVE ID: CVE-2026-5598
Vulnerability Source: Atlassian (Internal)
CVSSv3 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red
Affected Product(s): Crucible Data Center, Crucible Server

Affected products:
- Bamboo Data Center 10.0.0 (AFFECTED)
- Bamboo Data Center 10.1.0 (AFFECTED)
- Bamboo Data Center 10.2.0 (AFFECTED)
- Bamboo Data Center 10.2.1 (AFFECTED)
- Bamboo Data Center 10.2.10 (AFFECTED)
- Bamboo Data Center 10.2.11 (AFFECTED)
- Bamboo Data Center 10.2.12 (AFFECTED)
- Bamboo Data Center 10.2.13 (AFFECTED)
- Bamboo Data Center 10.2.14 (AFFECTED)
- Bamboo Data Center 10.2.15 (AFFECTED)
- Bamboo Data Center 10.2.16 (AFFECTED)
- Bamboo Data Center 10.2.17 (AFFECTED)
- Bamboo Data Center 10.2.18 (AFFECTED)
- Bamboo Data Center 10.2.19 (FIXED)
- Bamboo Data Center 10.2.2 (AFFECTED)
- Bamboo Data Center 10.2.3 (AFFECTED)
- Bamboo Data Center 10.2.4 (AFFECTED)
- Bamboo Data Center 10.2.5 (AFFECTED)
- Bamboo Data Center 10.2.6 (AFFECTED)
- Bamboo Data Center 10.2.7 (AFFECTED)
- Bamboo Data Center 10.2.8 (AFFECTED)
- Bamboo Data Center 10.2.9 (AFFECTED)
- Bamboo Data Center 11.0.0 (AFFECTED)
- Bamboo Data Center 12.0.0 (AFFECTED)
- Bamboo Data Center 12.1.0 (AFFECTED)
- Bamboo Data Center 12.1.1 (AFFECTED)
- Bamboo Data Center 12.1.2 (AFFECTED)
- Bamboo Data Center 12.1.3 (AFFECTED)
- Bamboo Data Center 12.1.6 (AFFECTED)
- Bamboo Data Center 12.1.7 (FIXED)
- Crucible Data Center 4.9.0 (AFFECTED)
- Crucible Data Center 4.9.1 (AFFECTED)
- Crucible Data Center 4.9.10 (FIXED)
- Crucible Data Center 4.9.2 (AFFECTED)
- Crucible Data Center 4.9.3 (AFFECTED)
- Crucible Data Center 4.9.4 (AFFECTED)
- Crucible Data Center 4.9.5 (AFFECTED)
- Crucible Data Center 4.9.6 (AFFECTED)
- Crucible Data Center 4.9.7 (AFFECTED)
- Crucible Data Center 4.9.8 (AFFECTED)
- Crucible Data Center 4.9.9 (AFFECTED)
- Crucible Server 4.9.0 (AFFECTED)
- Crucible Server 4.9.1 (AFFECTED)
- Crucible Server 4.9.10 (FIXED)
- Crucible Server 4.9.2 (AFFECTED)
- Crucible Server 4.9.3 (AFFECTED)
- Crucible Server 4.9.4 (AFFECTED)
- Crucible Server 4.9.5 (AFFECTED)
- Crucible Server 4.9.6 (AFFECTED)
- Crucible Server 4.9.7 (AFFECTED)
- Crucible Server 4.9.8 (AFFECTED)
- Crucible Server 4.9.9 (AFFECTED)
Tags
- atlassian
- bamboo_data_center
- crucible_data_center
- crucible_server
- cve
- security
Extended fields
{
"affected_products": [
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.0.0"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.1.0"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.0"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.1"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.10"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.11"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.12"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.13"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.14"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.15"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.16"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.17"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.18"
},
{
"product": "Bamboo Data Center",
"status": "FIXED",
"version": "10.2.19"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.2"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.3"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.4"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.5"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.6"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.7"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.8"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "10.2.9"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "11.0.0"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "12.0.0"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "12.1.0"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "12.1.1"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "12.1.2"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "12.1.3"
},
{
"product": "Bamboo Data Center",
"status": "AFFECTED",
"version": "12.1.6"
},
{
"product": "Bamboo Data Center",
"status": "FIXED",
"version": "12.1.7"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.0"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.1"
},
{
"product": "Crucible Data Center",
"status": "FIXED",
"version": "4.9.10"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.2"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.3"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.4"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.5"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.6"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.7"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.8"
},
{
"product": "Crucible Data Center",
"status": "AFFECTED",
"version": "4.9.9"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.0"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.1"
},
{
"product": "Crucible Server",
"status": "FIXED",
"version": "4.9.10"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.2"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.3"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.4"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.5"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.6"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.7"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.8"
},
{
"product": "Crucible Server",
"status": "AFFECTED",
"version": "4.9.9"
}
],
"cve_id": "CVE-2026-5598",
"tracking_url": "https://jira.atlassian.com/browse/CRUC-8701"
}