CVE-2024-21703

CWE-732 — Incorrect Permission Assignment10 documents5 sources

Severity

6.4MEDIUM

EPSS

0.0%

top 90.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Confluence Data Center Atlassian Confluence Server

Timeline

PublishedNov 27

Latest updateNov 21

Description

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recomm…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages3 packages

▶NVDatlassian/confluence_data_center8.5 — 8.5.5+2

▶CVEListV5atlassian/confluence_data_center8.7.1

▶NVDatlassian/confluence_server8.0.0 — 8.5.5+1

🔴Vulnerability Details

OSV

linux-xilinx-zynqmp vulnerabilities↗2025-05-02

▶

OSV

linux-oracle-5.15 vulnerabilities↗2025-04-25

▶

OSV

linux-azure-fips, linux-fips, linux-gcp-fips vulnerabilities↗2025-04-24

▶

OSV

linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-iot vulnerabilities↗2025-04-24

▶

OSV

linux-aws-fips vulnerabilities↗2025-04-24

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2025-13223↗2025-11-21

▶