CVE-2024-21677

CWE-22 — Path Traversal4 documents4 sources

Severity

8.8HIGH

EPSS

2.6%

top 14.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Confluence Data Center Atlassian Confluence Server

Timeline

PublishedMar 19

Description

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, up…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDatlassian/confluence_data_center6.13.0 — 7.19.20+2

▶CVEListV5atlassian/confluence_data_center12 versions+11

▶NVDatlassian/confluence_server6.13.0 — 7.19.20+1

🔴Vulnerability Details

CVEList

CVE-2024-21677: This High severity Path Traversal vulnerability was introduced in version 6↗2024-03-19

▶

GHSA

GHSA-vcmw-wwpg-fvfx: This High severity Path Traversal vulnerability was introduced in version 6↗2024-03-19

▶

📋Vendor Advisories

Atlassian

CVE-2024-21677: 8.8.0 8.7.0 to 8.7.2 8.6.0 to 8.6.2 8.5.0 to 8.5.6 (LTS) 8.4.0 to 8.4.5 8.3.0 to 8.3.4 8.2.0 to 8.2.3 8.1.0 to 8.1.4 8.0↗2024-03-19

▶