CVE-2024-21703
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-21703 is a Medium severity Security Misconfiguration vulnerability affecting Confluence Data Center and Server for Windows installations in version 8.8.1. This issue, with a CVSS Score of 6.4, enables authenticated attackers to access sensitive Confluence Data Center configuration information, posing high risks to confidentiality, integrity, and availability. Atlassian advises customers to upgrade to the latest version or supported fixed versions: Confluence Data Center and Server 7.19 (7.19.18 or later), 8.5 (8.5.5 or later), 8.7 (8.7.2 or later), and 8.8 (8.8.0 or later). More information, including download links, can be found in the release notes and the Atlassian download center. The vulnerability was reported via the Atlassian Bug Bounty Program by Chris Elliot.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.