CVE-2024-21678
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Summary
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center.
This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction. Data Center
Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected versions||Fixed versions|| |from 8.7.0 to 8.7.1|8.8.0 recommended or 8.7.2| |from 8.6.0 to 8.6.1|8.8.0 recommended| |from 8.5.0 to 8.5.4 LTS|8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS| |from 8.4.0 to 8.4.5|8.8.0 recommended or 8.5.6 LTS| |from 8.3.0 to 8.3.4|8.8.0 recommended or 8.5.6 LTS| |from 8.2.0 to 8.2.3|8.8.0 recommended or 8.5.6 LTS| |from 8.1.0 to 8.1.4|8.8.0 recommended or 8.5.6 LTS| |from 8.0.0 to 8.0.4|8.8.0 recommended or 8.5.6 LTS| |from 7.20.0 to 7.20.3|8.8.0 recommended or 8.5.6 LTS| |from 7.19.0 to 7.19.17 LTS|8.8.0 recommended or 8.5.6 LTS or 7.19.18 LTS or 7.19.19 LTS| |from 7.18.0 to 7.18.3|8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS| |from 7.17.0 to 7.17.5|8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS| |Any earlier versions|8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS| Server
Atlassian recommends that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
||Affected versions||Fixed versions|| |from 8.5.0 to 8.5.4 LTS|8.5.5 LTS or 8.5.6 LTS recommended | |from 8.4.0 to 8.4.5|8.5.6 LTS recommended| |from 8.3.0 to 8.3.4|8.5.6 LTS recommended| |from 8.2.0 to 8.2.3|8.5.6 LTS recommended| |from 8.1.0 to 8.1.4|8.5.6 LTS recommended| |from 8.0.0 to 8.0.4|8.5.6 LTS recommended| |from 7.20.0 to 7.20.3|8.5.6 LTS recommended| |from 7.19.0 to 7.19.17 LTS|8.5.6 LTS recommended or 7.19.18 LTS or 7.19.19 LTS| |from 7.18.0 to 7.18.3|8.5.6 LTS recommended or 7.19.19 LTS| |from 7.17.0 to 7.17.5|8.5.6 LTS recommended or 7.19.19 LTS| |Any earlier versions|8.5.6 LTS recommended or 7.19.19 LTS|
See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).
This vulnerability was reported via our Bug Bounty program.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Confluence Data Center | < 2.7.0 | unaffected |
| Atlassian | Confluence Data Center | >= 2.7.0 | affected |
| Atlassian | Confluence Data Center | >= 7.13.0 | affected |
| Atlassian | Confluence Data Center | >= 7.19.0 | affected |
| Atlassian | Confluence Data Center | >= 7.20.0 | affected |
| Atlassian | Confluence Data Center | >= 8.0.0 | affected |
| Atlassian | Confluence Data Center | >= 8.1.0 | affected |
| Atlassian | Confluence Data Center | >= 8.2.0 | affected |
| Atlassian | Confluence Data Center | >= 8.3.0 | affected |
| Atlassian | Confluence Data Center | >= 8.4.0 | affected |
| Atlassian | Confluence Data Center | >= 8.5.0 | affected |
| Atlassian | Confluence Data Center | >= 8.6.0 | affected |
| Atlassian | Confluence Data Center | >= 8.7.1 | affected |
| Atlassian | Confluence Data Center | >= 7.19.18 | unaffected |
| Atlassian | Confluence Data Center | >= 8.5.5 | unaffected |
| Atlassian | Confluence Data Center | >= 8.7.2 | unaffected |
| Atlassian | Confluence Data Center | >= 8.8.0 | unaffected |
Weaknesses
- Stored XSS
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606
- https://jira.atlassian.com/browse/CONFSERVER-94513
References
- https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606
- https://jira.atlassian.com/browse/CONFSERVER-94513
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.