Описание
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version.
If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html
You can download the latest version of Confluence Data Ce
Ссылки
- Vendor Advisory
- Issue TrackingVendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.3 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data...
Уязвимость веб-сервера Atlassian Confluence Server и дата центра Confluence Data Center связана с возможностью обхода пути к каталогу с ограниченным доступом, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации
EPSS
8.3 High
CVSS3
8.8 High
CVSS3