PT-2024-19017 · Atlassian · Confluence

Published: 2024-02-02 · Updated: 2025-07-30 · CVE-2024-21690

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Confluence Data Center and Server versions 7.19.0 through 8.9.0
Confluence Data Center and Server version 4.3
Description
This reflected XSS and CSRF vulnerability allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser and to force an end user to perform unwanted actions on a web application in which they are currently authenticated. It has high impact on confidentiality, low impact on integrity, and no impact on availability, and it requires user interaction.
Recommendations
For Confluence Data Center and Server 7.19: upgrade to a release greater than or equal to 7.19.26
For Confluence Data Center and Server 8.5: upgrade to a release greater than or equal to 8.5.14
For Confluence Data Center and Server 8.9: upgrade to a release greater than or equal to 8.9.5
For Confluence Data Center and Server 9.0: upgrade to a release greater than or equal to 9.0.1
For version 4.3, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-21690

Affected Products: Confluence