High Severity Reflected XSS and CSRF Vulnerability Affects Atlassian Confluence Products
CVE-2024-21690
Key Information:
- Vendor: Atlassian
- CVE Published: 21 August 2024
Summary
The vulnerability allows an unauthenticated attacker to execute arbitrary HTML or JavaScript in the browser of a victim user. With that foothold, the attacker can trigger unwanted actions in web applications where the victim is currently authenticated, posing significant risks to user confidentiality. The flaw affects certain versions of Atlassian Confluence Data Center and Server, spanning major releases from 7.19.x to 8.9.x. Users are advised to upgrade to the specified fixed versions to mitigate potential exploitation; refer to the release notes for detailed upgrade guidance.
Affected Version(s)
Confluence Data Center 8.9.0 to 8.9.5
Confluence Data Center 8.8.0 to 8.8.1
Confluence Data Center 8.7.1 to 8.7.2
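A quick inventory check against the three affected ranges listed above, added here as an example (this is not Atlassian's code). It encodes only the ranges this page lists; the summary says the flaw spans 7.19.x to 8.9.x, so a version outside these ranges still needs to be checked against the vendor advisory. Function names and the sample versions are assumptions.

```python
# Added example: flag Confluence Data Center versions that fall inside the
# affected ranges listed on this page for CVE-2024-21690.
from typing import Tuple

Version = Tuple[int, int, int]

# Inclusive (low, high) ranges copied from the "Affected Version(s)" list above.
# Only the ranges shown on this page are encoded; the vendor advisory is the
# authoritative source for the full 7.19.x to 8.9.x span.
AFFECTED_RANGES = [
    ("8.9.0", "8.9.5"),
    ("8.8.0", "8.8.1"),
    ("8.7.1", "8.7.2"),
]


def parse_version(text: str) -> Version:
    """Parse a dotted numeric version such as '8.9.3' into a 3-tuple of ints.

    Confluence releases use plain dotted integers, so there is no pre-release
    handling; short forms like '8.9' are padded with zeros ('8.9' -> (8, 9, 0)).
    Anything non-numeric raises ValueError rather than silently comparing.
    """
    parts = text.strip().split(".")
    if not parts or len(parts) > 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def is_affected(version: str) -> bool:
    """Return True if `version` lies inside any listed affected range (inclusive)."""
    v = parse_version(version)
    return any(parse_version(low) <= v <= parse_version(high)
               for low, high in AFFECTED_RANGES)


def triage(version: str) -> str:
    """One-line verdict suitable for an asset inventory report."""
    if is_affected(version):
        return f"Confluence {version}: AFFECTED (in a listed range); upgrade per the release notes"
    return f"Confluence {version}: not in a listed range; confirm against the vendor advisory"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ("8.9.5", "8.9.6", "8.8.1", "8.7.0", "8.7.2"):
        print(triage(v))
```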