This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations.
This Security Misconfiguration vulnerability, with a CVSS score of 6.4, allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration, which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
* Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18
* Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5
* Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2
* Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0
See the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).
This vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot.
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/CONFSERVER-98413 |
History
Wed, 27 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Atlassian, Atlassian confluence Data Center, Atlassian confluence Server | |
Weaknesses | CWE-732 | |
CPEs | cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*, cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* | |
Vendors & Products | Atlassian, Atlassian confluence Data Center, Atlassian confluence Server | |
Metrics | cvssV3_1 | |
Wed, 27 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5 * Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2 * Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0 See the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). This vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot. | |
References | | |
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2024-11-27T17:00:01.507Z
Updated: 2024-11-27T17:33:53.585Z
Reserved: 2024-01-01T00:05:33.849Z
Link: CVE-2024-21703
Vulnrichment
Updated: 2024-11-27T17:33:37.351Z
NVD
Status: Received
Published: 2024-11-27T17:15:10.260
Modified: 2024-11-27T18:15:08.720
Link: CVE-2024-21703