Confluence Data Center / CONFSERVER-98831

Security vulnerability -> cve-2024-38819 in spring-web-5.3.39-atlassian-2.jar


    • Type: Suggestion
    • Resolution: Unresolved
    • Security

      CONFLUENCE DATA CENTER
      Version 8.5.17
      CVSS Base Score: 7.5
      Affected: Spring Framework, as used by the given Confluence version.

      Security scan procedures reported the following impact.

      Refer to:
      https://spring.io/security/cve-2024-38819
      https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1

      /opt/confluence/confluence/synchrony-proxy/WEB-INF/lib/spring-web-5.3.39-atlassian-2.jar

      Affected Versions:
      Spring Framework:
      5.3.0 - 5.3.40
      6.0.0 - 6.0.24
      6.1.0 - 6.1.13

      An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

      ....
      Sorry, I was not allowed to create a vulnerability ticket.

              Assignee: Unassigned
              Reporter: Harald Maierhofer
              Votes: 4
              Watchers: 9