High Severity Path Traversal Vulnerability Affects Confluence Data Center, Upgrade Recommended

CVE-2024-21677
8.3 HIGH

Key Information

Vendor
Atlassian
Status
Confluence Data Center
Vendor
CVE Published: 19 March 2024

Badges

📰 News Worthy

Summary

CVE-2024-21677 is a high-severity path traversal vulnerability affecting Atlassian's Confluence Data Center and Server. It was introduced in version 6.13.0 and has a CVSS score of 8.3. An unauthenticated attacker can exploit it, with impact on confidentiality, integrity, and availability. Atlassian recommends upgrading to the latest version or to a supported fixed version to address this vulnerability. There is no indication of exploitation by ransomware groups at this time.

Affected Version(s)

Confluence Data Center >= 6.13.0

Confluence Data Center < 6.13.0

Confluence Data Center >= 7.19.0

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • First article discovered by 安全内参

  • Risk change from: null to: 8.3 - (HIGH)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database, 6 News Article(s)