Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: High
Fix Version/s: 8.8.0, 8.7.2, 7.19.18, 8.5.5
Affects Version/s: 7.13.0, 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 2.7.0
Component/s: None
Labels:

CVSS Score:
8.5
CVSS Severity:
High
CVE ID:
CVE-2024-21678
Vulnerability Source:
Bug Bounty
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Vulnerability Classes:

Stored XSS
Affected Product(s):

Confluence Data Center

Description

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center.

This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction.

Data Center

Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

Affected versions	Fixed versions
from 8.7.0 to 8.7.1	8.8.0 recommended or 8.7.2
from 8.6.0 to 8.6.1	8.8.0 recommended
from 8.5.0 to 8.5.4 LTS	8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
from 8.4.0 to 8.4.5	8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
from 8.3.0 to 8.3.4	8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
from 8.2.0 to 8.2.3	8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
from 8.1.0 to 8.1.4	8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
from 8.0.0 to 8.0.4	8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
from 7.20.0 to 7.20.3	8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
from 7.19.0 to 7.19.17 LTS	8.8.0 recommended or 8.5.6 LTS or 7.19.18 LTS or 7.19.19 LTS
from 7.18.0 to 7.18.3	8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS
from 7.17.0 to 7.17.5	8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS
Any earlier versions	8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS

Server

Atlassian recommends that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

Affected versions	Fixed versions
from 8.5.0 to 8.5.4 LTS	8.5.5 LTS or 8.5.6 LTS recommended
from 8.4.0 to 8.4.5	8.5.6 LTS recommended
from 8.3.0 to 8.3.4	8.5.6 LTS recommended
from 8.2.0 to 8.2.3	8.5.6 LTS recommended
from 8.1.0 to 8.1.4	8.5.6 LTS recommended
from 8.0.0 to 8.0.4	8.5.6 LTS recommended
from 7.20.0 to 7.20.3	8.5.6 LTS recommended
from 7.19.0 to 7.19.17 LTS	8.5.6 LTS recommended or 7.19.18 LTS or 7.19.19 LTS
from 7.18.0 to 7.18.3	8.5.6 LTS recommended or 7.19.19 LTS
from 7.17.0 to 7.17.5	8.5.6 LTS recommended or 7.19.19 LTS
Any earlier versions	8.5.6 LTS recommended or 7.19.19 LTS

See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives).

This vulnerability was reported via our Bug Bounty program.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Feb/2024 4:33 AM

Updated:: 13/Mar/2024 12:22 PM

Resolved:: 20/Feb/2024 6:00 PM