
Cloud Vulnerability DB
コミュニティ主導の脆弱性データベース
CVE-2024-21686 is a Stored Cross-Site Scripting (XSS) vulnerability affecting Confluence Data Center and Server version 7.13 and above. The vulnerability was discovered through Atlassian's Bug Bounty program and was disclosed on July 16, 2024. This high-severity vulnerability has received a CVSS score of 7.3 (NVD, Atlassian Bulletin).
The vulnerability is classified as a Stored XSS issue that allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser. The vulnerability has been assigned a CVSS v3.1 base score of 8.7 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).
The vulnerability has a high impact on both confidentiality and integrity, while having no direct impact on system availability. When successfully exploited, it allows attackers to execute malicious code in the context of other users' browsers, potentially leading to unauthorized access or data theft (Security Online).
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. For those unable to upgrade to the latest version, specific fixed versions are available: 8.9.1, 8.5.9 LTS, or 7.19.22 LTS. The vulnerability affects versions from 7.13 up through 8.9.0, and users should upgrade to the appropriate fixed version based on their current installation (Atlassian Bulletin).
ソース: このレポートは AI を使用して生成されました
無料の脆弱性評価
9つのセキュリティドメインにわたるクラウドセキュリティプラクティスを評価して、リスクレベルをベンチマークし、防御のギャップを特定します。
パーソナライズされたデモを見る
"私が今まで見た中で最高のユーザーエクスペリエンスは、クラウドワークロードを完全に可視化します。"
"Wiz を使えば、クラウド環境で何が起こっているかを 1 つの画面で確認することができます"
"Wizが何かを重要視した場合、それは実際に重要であることを私たちは知っています。"