-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Medium
-
Affects Version/s: 7.13.8, 7.18.2
-
Component/s: Security
-
18
-
Severity 3 - Minor
-
21
This is reproducible on Data Center: yes
- The current version of Tomcat 9.0.63 is bundled with Confluence 7.18.2 and Confluence 7.13.8 are vulnerable to CVE-2022-34305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305
Steps to Reproduce
- -
Expected Results
-
Actual Results
-
Workaround
Manually updating Tomcat would be a valid workaround, however, checking the Tomcat download link we can see that the latest available version is
- For Tomcat 9, 9.0.64 http://archive.apache.org/dist/tomcat/tomcat-9/
So, not even Tomcat has released a version that has the fix for this CVE, looks like this vulnerability is currently undergoing analysis.
Opening a ticket to keep track of it on our side.
[Update from Jul 21, 2022]
Tomcat released the 9.0.65 version which contains the fix for this vulnerability (CVE-2022-34305):
- links to
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-