CVE-2024-21677

Name of the Vulnerable Software and Affected Versions Confluence Data Center versions 6.13.0 through 8.8.0 Confluence Data Center versions 8.8.0 through 8.8.1 Confluence Server versions 8.5.0 through 8.5.6 Confluence Server versions 8.4.0 through 8.4.5 Confluence Server versions 8.3.0 through 8.3.4 Confluence Server versions 8.2.0 through 8.2.3 Confluence Server versions 8.1.0 through 8.1.4 Confluence Server versions 8.0.0 through 8.0.4 Confluence Server versions 7.20.0 through 7.20.3 Confluence Server versions 7.19.0 through 7.19.19 Confluence Server versions 7.18.0 through 7.18.3 Confluence Server versions 7.17.0 through 7.17.5 Confluence Server versions prior to 7.17.0

Description This Path Traversal vulnerability allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. The vulnerability was reported via the Bug Bounty program. It is estimated that over 684,000 services are affected, mainly distributed in the United States, China, and other countries.

Recommendations For Confluence Data Center version 6.13.0, upgrade to the latest version. For Confluence Data Center versions 8.8.0, upgrade to version 8.8.1. For Confluence Data Center versions 8.7.0 through 8.7.2, upgrade to version 8.8.1. For Confluence Data Center versions 8.6.0 through 8.6.2, upgrade to version 8.8.1. For Confluence Data Center versions 8.5.0 through 8.5.6, upgrade to version 8.8.1 or 8.5.7. For Confluence Data Center versions 8.4.0 through 8.4.5, upgrade to version 8.8.1 or 8.5.7. For Confluence Data Center versions 8.3.0 through 8.3.4, upgrade to version 8.8.1 or 8.5.7. For Confluence Data Center versions 8.2.0 through 8.2.3, upgrade to version 8.8.1 or 8.5.7. For Confluence Data Center versions 8.1.0 through 8.1.4, upgrade to version 8.8.1 or 8.5.7. For Confluence Data Center versions 8.0.0 through 8.0.4, upgrade to version 8.8.1 or 8.5.7. For Confluence Data Center versions 7.20.0 through 7.20.3, upgrade to version 8.8.1 or 8.5.7. For Confluence Data Center versions 7.19.0 through 7.19.19, upgrade to version 8.8.1 or 8.5.7 or 7.19.20. For Confluence Data Center versions 7.18.0 through 7.18.3, upgrade to version 8.8.1 or 8.5.7 or 7.19.20. For Confluence Data Center versions 7.17.0 through 7.17.5, upgrade to version 8.8.1 or 8.5.7 or 7.19.20. For Confluence Server version 8.5.0, upgrade to version 8.5.7. For Confluence Server versions 8.4.0 through 8.4.5, upgrade to version 8.5.7. For Confluence Server versions 8.3.0 through 8.3.4, upgrade to version 8.5.7. For Confluence Server versions 8.2.0 through 8.2.3, upgrade to version 8.5.7. For Confluence Server versions 8.1.0 through 8.1.4, upgrade to version 8.5.7. For Confluence Server versions 8.0.0 through 8.0.4, upgrade to version 8.5.7. For Confluence Server versions 7.20.0 through 7.20.3, upgrade to version 8.5.7. For Confluence Server versions 7.19.0 through 7.19.19, upgrade to version 8.5.7 or 7.19.20. For Confluence Server versions 7.18.0 through 7.18.3, upgrade to version 8.5.7 or 7.19.20. For Confluence Server versions 7.17.0 through 7.17.5, upgrade to version 8.5.7 or 7.19.20. As a temporary workaround, consider disabling the Confluence Cloud Migration Assistant plugin until a patch is available. Alternatively, upgrade the Confluence Cloud Migration Assistant plugin to version 3.9.5 or later.