Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-21703

Опубликовано: 27 нояб. 2024
Источник: nvd
CVSS3: 6.4
EPSS Низкий

Описание

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations.

This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.

Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

  • Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18
  • Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5
  • Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2
  • Confluence Data Center and

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Версия до 7.19.18 (исключая)
cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Версия от 8.5 (включая) до 8.5.5 (исключая)
cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Версия от 8.7 (включая) до 8.7.2 (исключая)
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Версия до 7.19.18 (исключая)
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.5.5 (исключая)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.0002
Низкий

6.4 Medium

CVSS3

Дефекты

CWE-732

Связанные уязвимости

github логотип

GHSA-gmcv-67g3-vrwj

CVSS3: 6.4
github
10 месяцев назад

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5 * Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2 * Confluence Data Center ...

fstec логотип

BDU:2024-10772

CVSS3: 6.4
fstec
11 месяцев назад

Уязвимость файла конфигурации confluence-cfg.xml дата центра Confluence Data Center операционных систем Windows, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 4%
0.0002
Низкий

6.4 Medium

CVSS3

Дефекты

CWE-732