High Severity Path Traversal Vulnerability Affects Confluence Data Center, Upgrade Recommended
CVE-2024-21677

8.3HIGH

Key Information:

Vendor: Atlassian
Status: Confluence Data Center
Vendor: CVE Published:; 19 March 2024

Badges

📰 News Worthy

Summary

The CVE-2024-21677 is a high severity Path Traversal vulnerability affecting Atlassian's Confluence Data Center and Server. It was introduced in version 6.13.0 and has a CVSS score of 8.3. The vulnerability allows an unauthenticated attacker to exploit it, impacting confidentiality, integrity, and availability. Atlassian recommends upgrading to the latest version or to a supported fixed version to address this vulnerability. There is no indication of exploitation by ransomware groups at this time.

Affected Version(s)

Confluence Data Center >= 6.13.0 < 6.13.0

Confluence Data Center >= 7.19.0 >= 7.19.0

Confluence Data Center >= 7.20.0 >= 7.20.0

News Articles

References

https://confluence.atlassian.com/pages/viewpage.action?pa...

https://jira.atlassian.com/browse/CONFSERVER-94604

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

📰
First article discovered by 安全内参
Mar 23, 2024
Vulnerability published
Mar 19, 2024
Vulnerability Reserved
Jan 1, 2024

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

References

CVSS V3.1

Timeline