  1. Confluence Data Center
  2. CONFSERVER-82351

Upgrade to Apache Tomcat version 9.0.69 or later


    Description

      The Docker images of confluence-server are shipped with Tomcat 9.0.65, which is vulnerable to CVE-2022-45143.

       

      Nessus report:

      Apache Tomcat 9.0.40 < 9.0.69

      Description

      The version of Tomcat installed on the remote host is prior to 9.0.69. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.69_security-9 advisory.

      • The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. (CVE-2022-45143)

          People

            Unassigned
            Gerald Schneider
            Votes: 9
            Watchers: 8
