CVE-2024-21686 — HIGH (8.7)

Q: How severe is CVE-2024-21686?

CVE-2024-21686 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-21686?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Confluence Data Center, Atlassian Confluence Server.

Vulnerability Description

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program.

CVSS Score

8.7

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Atlassian	Confluence Data Center	< 7.19.22
Atlassian	Confluence Server	< 7.19.22

Related Weaknesses (CWE)

CWE-79

References

https://confluence.atlassian.com/pages/viewpage.action?pageId=1417150917Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-96134Issue Tracking
https://confluence.atlassian.com/pages/viewpage.action?pageId=1417150917Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-96134Issue Tracking

FAQ

What is CVE-2024-21686?

CVE-2024-21686 is a vulnerability with a CVSS score of 8.7 (HIGH). This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated atta...

How severe is CVE-2024-21686?

CVE-2024-21686 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21686?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Confluence Data Center, Atlassian Confluence Server.