PT-2024-9090 · Microsoft · Windows
Chris Elliot · Published 2024-11-01 · Updated 2025-07-30 · CVE-2024-21703
CVSS v3.1: 6.4 (Medium)
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Confluence Data Center and Server version 8.8.1
Confluence Data Center and Server versions prior to 7.19.18
Confluence Data Center and Server versions prior to 8.5.5
Confluence Data Center and Server versions prior to 8.7.2
Confluence Data Center and Server versions prior to 8.8.0
Description: The issue is a Security Misconfiguration vulnerability that allows an authenticated attacker on the Windows host to read sensitive information about the Confluence Data Center configuration. It has a high impact on confidentiality, integrity, and availability, and requires no user interaction. The root cause is incorrect permission assignment on a critical resource, which can be exploited to elevate privileges and gain unauthorized access to protected information.
Recommendations:
For Confluence Data Center and Server 7.19: upgrade to a release greater than or equal to 7.19.18
For Confluence Data Center and Server 8.5: upgrade to a release greater than or equal to 8.5.5
For Confluence Data Center and Server 8.7: upgrade to a release greater than or equal to 8.7.2
For Confluence Data Center and Server 8.8: upgrade to a release greater than or equal to 8.8.0
As a temporary workaround, consider restricting access to the confluence-cfg.xml file to minimize the risk of exploitation.
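The workaround above depends on the file's NTFS ACL actually excluding non-privileged local users. The following PowerShell script is an added example, not part of the advisory or of Atlassian's documentation; it reports every principal holding an Allow entry that includes read access to confluence-cfg.xml and flags any that are not on an expected list. The file path and the service account name are assumed placeholders and must be set for the host being checked.

```powershell
# Added example (not from the advisory): audit who can read confluence-cfg.xml on a
# Windows Confluence host. The path below is an ASSUMED placeholder; point it at the
# actual confluence-cfg.xml inside the Confluence home directory of this host.
param(
    [string]$ConfigPath = 'C:\CONFLUENCE_HOME\confluence-cfg.xml'   # placeholder, adjust
)

# Principals that are expected to be able to read the file. The service account
# name is an ASSUMPTION; replace it with the account the Confluence service runs as.
$AllowedPrincipals = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    "$env:COMPUTERNAME\confluence"   # assumed service account name
)

if (-not (Test-Path -LiteralPath $ConfigPath)) {
    Write-Error "Config file not found: $ConfigPath"
    exit 2
}

$acl = Get-Acl -LiteralPath $ConfigPath
$findings = @()

foreach ($ace in $acl.Access) {
    # Only Allow entries that include the ReadData right matter for this check;
    # Read, ReadAndExecute, Modify and FullControl all contain ReadData.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    if (($ace.FileSystemRights -band $readData) -eq 0) { continue }

    $who = $ace.IdentityReference.Value
    if ($AllowedPrincipals -notcontains $who) {
        $findings += [pscustomobject]@{
            Principal = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "OK: only expected principals can read $ConfigPath"
    exit 0
}

Write-Output "WARNING: unexpected principals can read $ConfigPath"
$findings | Format-Table -AutoSize
exit 1
```

Run it from an elevated PowerShell session on the Confluence host; a non-zero exit code with entries such as BUILTIN\Users or Authenticated Users in the table means the inherited directory permissions still expose the file and should be tightened (for example by disabling inheritance on the file and granting read only to the listed principals). The script only reports; it changes nothing. Entries that use generic access masks rather than explicit FileSystemRights values are not expanded by this check and should be reviewed by hand.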

Fix

Weakness Enumeration: Incorrect Permission

Related Identifiers: BDU:2024-10772, CVE-2024-21703

Affected Products: Confluence, Confluence Data Center/Server, Windows