
PEACH
Uma estrutura de isolamento de inquilino
CVE-2024-21686 is a Stored Cross-Site Scripting (XSS) vulnerability affecting Confluence Data Center and Server version 7.13 and above. The vulnerability was discovered through Atlassian's Bug Bounty program and was disclosed on July 16, 2024. This high-severity vulnerability has received a CVSS score of 7.3 (NVD, Atlassian Bulletin).
The vulnerability is classified as a Stored XSS issue that allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser. The vulnerability has been assigned a CVSS v3.1 base score of 8.7 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).
The vulnerability has a high impact on both confidentiality and integrity, while having no direct impact on system availability. When successfully exploited, it allows attackers to execute malicious code in the context of other users' browsers, potentially leading to unauthorized access or data theft (Security Online).
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. For those unable to upgrade to the latest version, specific fixed versions are available: 8.9.1, 8.5.9 LTS, or 7.19.22 LTS. The vulnerability affects versions from 7.13 up through 8.9.0, and users should upgrade to the appropriate fixed version based on their current installation (Atlassian Bulletin).
Origem: Este relatório foi gerado usando IA
Avaliação de vulnerabilidade gratuita
Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.
Marque uma demonstração personalizada
"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."