PT-2024-1276 · Atlassian · Confluence
Ddv_Ua +1 · Published 2024-01-15 · Updated 2024-08-29 · CVE-2024-21674
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Confluence Data Center and Server versions 7.13.0 through 7.19.17
Confluence Data Center and Server versions 8.5.0 through 8.5.4
Confluence Data Center and Server versions 8.7.0 through 8.7.1
Description
This is a High severity Remote Code Execution (RCE) vulnerability that allows an unauthenticated attacker to expose assets in the environment that are susceptible to exploitation, with high impact on confidentiality and no impact on integrity or availability. The vulnerability is related to insufficient input validation.
Recommendations
For Confluence Data Center and Server 7.19: Upgrade to release 7.19.18 or any higher 7.19.x release
For Confluence Data Center and Server 8.5: Upgrade to release 8.5.5 or any higher 8.5.x release
For Confluence Data Center and Server 8.7: Upgrade to release 8.7.2 or any higher release
Fix
RCE
Code Injection
Affected Products
Confluence