
Cloud Vulnerability DB
Eine von der Community geführte Datenbank für Schwachstellen
A High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability (CVE-2024-21690) was discovered in Confluence Data Center and Server. The vulnerability was introduced in multiple versions including 7.19.0, 7.20.0, 8.0.0 through 8.9.0. This security issue was reported through Atlassian's Bug Bounty program and was disclosed on August 20, 2024 (Atlassian Bulletin).
The vulnerability has been assigned a CVSS v3.0 score of 7.1 (High) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser and force an end user to execute unwanted actions on a web application in which they're currently authenticated (ASEC Advisory).
The vulnerability has a high impact on confidentiality, low impact on integrity, and no impact on availability. It enables attackers to execute arbitrary HTML or JavaScript code in the victim's browser and can force end users to execute unwanted actions in web applications where they are authenticated (Atlassian Bulletin).
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. For those unable to do so, specific fixed versions are provided: Confluence Data Center and Server 7.19 should upgrade to version 7.19.26 or higher, version 8.5 should upgrade to 8.5.14 or higher, and version 9.0 should upgrade to 9.0.1 or higher (Atlassian Bulletin).
Quelle: Dieser Bericht wurde mithilfe von KI erstellt
Kostenlose Schwachstellenbewertung
Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.
Eine personalisierte Demo anfordern
"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"