Platform

Security Vulnerability API / Reference / REST API

Products

This resource represents Atlassian products' CVE information. Use it to retrieve information on what particular Atlassian products are affected by various CVEs.

Operations

GET/v1/products GET/v1/products/versions

GET

Get product and app information

Get a list of Atlassian apps and products with their associated CVE data. This data includes CVEs that affect each supported product/app version, the status of the vulnerability, and information on the CVE itself, such as a summary and severity.

Request

Query parameters

products

array<string>

apps

array<string>

cve_ids

array<CVEID>

version

string

Responses

Returns the current list of Atlassian products, apps, and CVE data.

Headers

Cache-Control

string

application/json

GetProductsResponse

GET/v1/products

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'https://api.atlassian.com/vuln-transparency/v1/products' \
  --header 'Accept: application/json'

200Response

{
  "products": {
    "Jira Service Management": {
      "versions": {
        "7.8.1": [
          {
            "CVE-2022-36800": "AFFECTED"
          }
        ]
      }
    },
    "Jira": {
      "versions": {
        "1.2.3": [
          {
            "CVE-2021-26079": "FIXED"
          }
        ]
      }
    }
  },
  "cve_metadata": {
    "CVE-2022-36800": {
      "cve_summary": "Isolated permissions bypass in Jira Service Management.",
      "cve_severity": 3.5,
      "atl_tracking_url": "https://jira.atlassian.com/browse/JSDSERVER-11900?jql=issuetype%20%3D%20%22Public%20Security%20Vulnerability%22%20AND%20%22CVE%20ID%22%20~%20%22CVE-2022-36800%22"
    },
    "CVE-2021-26079": {
      "cve_summary": "XSS in Jira Server and Jira Data Center.",
      "cve_severity": 4.7,
      "atl_tracking_url": "https://jira.atlassian.com/browse/JRASERVER-72396?jql=issuetype%20%3D%20%22Public%20Security%20Vulnerability%22%20AND%20%22CVE%20ID%22%20~%20%22CVE-2021-26079%22"
    }
  }
}

GET

Get versions associated with products

Get a list of Atlassian products and versions released after Jan 2021 associated with them

Request

This request has no parameters.

Responses

Returns the current list of Atlassian products and associated versions

Headers

Cache-Control

string

application/json

GetProductVersionsResponse

GET/v1/products/versions

curl

Node.js

Java

Python

PHP

1
2
3

curl --request GET \
  --url 'https://api.atlassian.com/vuln-transparency/v1/products/versions' \
  --header 'Accept: application/json'

200Response

{
  "Confluence Data Center": [
    "8.9.1",
    "8.9.0",
    "8.8.1",
    "8.8.0"
  ],
  "JIRA Service Management Data Center": [
    "5.15.2"
  ]
}