CVE-2024-21678

Опубликовано: 20 фев. 2024

Источник: nvd

CVSS3: 8.5

EPSS Низкий

Описание

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center.

This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction. Data Center

Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected versions||Fixed versions|| |from 8.7.0 to 8.7.1|8.8.0 recommended or 8.7.2| |from 8.6.0 to 8.6.1|8.8.0 recommended| |from 8.5.0 to 8.5.4 LTS|8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS| |from 8.4.0 to 8.4.5|8.8.0 recommended or 8.5.6 LTS| |from 8.3.0 to 8.3.4|8.8.0 recommended or 8.5.6 LTS| |from 8.2.0 to 8.2.3|8.8.0 recommended or 8.5.6 LTS| |from 8.1.0 to 8.1.4|8.8.0 recommended o

Ссылки

https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606
Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-94513
Issue Tracking
Vendor Advisory
https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606
Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-94513
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*

Версия до 7.19.19 (исключая)

cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*

Версия от 7.20.0 (включая) до 8.5.5 (исключая)

cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*

Версия от 8.6.0 (включая) до 8.7.2 (исключая)

cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*

Версия до 7.19.19 (исключая)

cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*

Версия от 7.20.0 (включая) до 8.5.5 (исключая)

EPSS

Процентиль: 74%

0.0084

Низкий

8.5 High

CVSS3

8.5 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-hvfx-qp2c-x42h

CVSS3: 8.5

github

больше 1 года назад

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction. Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected versions||Fixed versions|| |from 8.7.0 to 8.7.1|8.8.0 recommended or 8.7.2| |from 8.6.0 to 8.6.1|8.8.0 recommended| |from 8.5.0 to 8.5.4 LTS|8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS| |from 8.4.0 to 8.4.5|8.8.0 recommended or 8.5.6 LTS| |from 8.3.0 to 8.3.4|8.8.0 recommended or 8.5.6 LTS| |from 8.2.0 to 8.2.3|8.8.0 recommended or 8.5.6 LTS| |from 8.1.0 to 8.1.4|8.8.0 recommended or 8.5.6 LT...

BDU:2024-01509

CVSS3: 8.5

fstec

больше 1 года назад

Уязвимость веб-сервера Atlassian Confluence Server и дата центра Confluence Data Center, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 74%

0.0084

Низкий

8.5 High

CVSS3

8.5 High

CVSS3

Дефекты

CWE-79