
Cloud Vulnerability DB
Eine von der Community geführte Datenbank für Schwachstellen
CVE-2024-21686 is a Stored Cross-Site Scripting (XSS) vulnerability affecting Confluence Data Center and Server version 7.13 and above. The vulnerability was discovered through Atlassian's Bug Bounty program and was disclosed on July 16, 2024. This high-severity vulnerability has received a CVSS score of 7.3 (NVD, Atlassian Bulletin).
The vulnerability is classified as a Stored XSS issue that allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser. The vulnerability has been assigned a CVSS v3.1 base score of 8.7 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).
The vulnerability has a high impact on both confidentiality and integrity, while having no direct impact on system availability. When successfully exploited, it allows attackers to execute malicious code in the context of other users' browsers, potentially leading to unauthorized access or data theft (Security Online).
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. For those unable to upgrade to the latest version, specific fixed versions are available: 8.9.1, 8.5.9 LTS, or 7.19.22 LTS. The vulnerability affects versions from 7.13 up through 8.9.0, and users should upgrade to the appropriate fixed version based on their current installation (Atlassian Bulletin).
Quelle: Dieser Bericht wurde mithilfe von KI erstellt
Kostenlose Schwachstellenbewertung
Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.
Eine personalisierte Demo anfordern
"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"