{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/jira-service-management/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.4,"id":"CVE-2026-21571"},{"cvss":9.8,"id":"CVE-2022-1471"},{"cvss":10,"id":"CVE-2024-47875"},{"cvss":9.4,"id":"CVE-2021-31597"},{"cvss":9.2,"id":"CVE-2026-25547"},{"cvss":8.7,"id":"CVE-2026-33871"},{"cvss":7.5,"id":"CVE-2026-24880"},{"cvss":7.5,"id":"CVE-2026-33870"},{"cvss":7.5,"id":"CVE-2026-24734"},{"cvss":7.5,"id":"CVE-2026-25639"},{"cvss":7.3,"id":"CVE-2024-45801"},{"cvss":7.5,"id":"CVE-2022-25927"},{"cvss":8.8,"id":"CVE-2026-23950"},{"cvss":8.7,"id":"CVE-2026-29063"},{"cvss":8.2,"id":"CVE-2026-23745"},{"cvss":8.2,"id":"CVE-2026-24842"},{"cvss":8.2,"id":"CVE-2026-31802"},{"cvss":8,"id":"CVE-2026-22029"},{"cvss":7.1,"id":"CVE-2026-26960"},{"cvss":7.5,"id":"CVE-2025-66020"},{"cvss":7.5,"id":"CVE-2024-29371"},{"cvss":7.5,"id":"CVE-2023-48631"},{"cvss":8.8,"id":"CVE-2025-48734"},{"cvss":7.5,"id":"CVE-2021-0341"},{"cvss":7.5,"id":"CVE-2023-1370"},{"cvss":7.5,"id":"CVE-2023-3635"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Bamboo","Bitbucket","Confluence","Jira","Jira Service Management"],"_cs_severities":["critical"],"_cs_tags":["atlassian","vulnerability","code-execution","xss"],"_cs_type":"advisory","_cs_vendors":["Atlassian"],"content_html":"\u003cp\u003eAtlassian\u0026rsquo;s April 21, 2026 security bulletin patches 26 CVEs across Bamboo, Bitbucket, Confluence, Jira, and Jira Service Management — including five rated Critical. The highest-severity issue is CVE-2024-47875 (CVSS 10.0), a mutation XSS vulnerability in the dompurify dependency affecting Jira and JSM. CVE-2022-1471 (CVSS 9.8) enables remote code execution via a YAML deserialization flaw in org.yaml:snakeyaml, affecting Confluence, Jira, and JSM. CVE-2026-21571 (CVSS 9.4) allows OS command injection in Bamboo Data Center and Server. CVE-2021-31597 (CVSS 9.4) is a man-in-the-middle vulnerability in Jira Service Management via the xmlhttprequest dependency. CVE-2026-25547 (CVSS 9.2) enables privilege escalation in Confluence Data Center and Server. The remaining 21 vulnerabilities are rated High and cover DoS (netty, axios, okio, brace-expansion, snakeyaml), HTTP request smuggling (Tomcat, Netty), path traversal and file inclusion (node-tar), and additional XSS issues. All vulnerabilities stem from third-party dependencies bundled in Atlassian products.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e An attacker identifies a vulnerable Atlassian product instance (Bamboo, Bitbucket, Confluence, Jira, or Jira Service Management) accessible over the network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Exploitation:\u003c/strong\u003e The attacker leverages an unknown vulnerability to inject malicious code into the application, possibly through a crafted HTTP request.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCode Execution:\u003c/strong\u003e The injected code executes within the context of the Atlassian application, allowing the attacker to run arbitrary commands on the server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation:\u003c/strong\u003e The attacker leverages the initial code execution to escalate privileges, potentially gaining root or administrator access.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDefense Evasion:\u003c/strong\u003e The attacker attempts to disable security logging or other monitoring mechanisms to avoid detection.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Manipulation/Exfiltration:\u003c/strong\u003e The attacker accesses sensitive data stored within the Atlassian application or connected databases, manipulating or exfiltrating it for malicious purposes.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement:\u003c/strong\u003e Using compromised credentials or established footholds, the attacker moves laterally to other systems within the network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e The attacker achieves their final objective, such as deploying ransomware, stealing intellectual property, or disrupting business operations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could result in significant damage, including complete compromise of Atlassian servers, data breaches, and disruption of critical business processes. The number of potential victims is substantial, as these Atlassian products are widely used across various industries. The impact ranges from data loss and financial damage to reputational harm and legal liabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to detect potential exploitation attempts targeting Atlassian products.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, especially HTTP requests targeting Atlassian applications, to detect potential vulnerability exploitation.\u003c/li\u003e\n\u003cli\u003eEnable and review audit logs within Atlassian products (Bamboo, Bitbucket, Confluence, Jira, Jira Service Management) for suspicious activity.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the potential impact of a successful breach originating from a compromised Atlassian server.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T08:31:27Z","date_published":"2026-04-28T08:31:27Z","id":"https://feed.craftedsignal.io/briefs/2026-04-atlassian-vulns/","summary":"Multiple vulnerabilities in Atlassian Bamboo, Bitbucket, Confluence, Jira, and Jira Service Management allow attackers to execute arbitrary code, bypass security measures, manipulate data, disclose information, or perform cross-site scripting attacks.","title":"Multiple Vulnerabilities in Atlassian Products","url":"https://feed.craftedsignal.io/briefs/2026-04-atlassian-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Jira Service Management","version":"https://jsonfeed.org/version/1.1"}