- 65/2024
- High
Atlassian has released security updates to address several vulnerabilities across multiple Atlassian products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, trigger cross-site scripting attacks, perform denial of services attacks, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Atlassian Confluence Data Center and Server Cross-Site Scripting Vulnerability (CVE-2024-21678):
- CVSS: 8.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Cross-Site Scripting
2. Atlassian Assets Discovery Injection Vulnerability (CVE-2024-21682)
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
The affected products:
- Confluence Data Center and Server.
- Jira Software Data Center and Server.
- Assets Discovery.
- Jira Service Management Data Center and Server.
Vulnerabilities
- CVE-2024-21678
- CVE-2024-21682
- CVE-2023-5072
- CVE-2023-6378
- CVE-2023-46589
- CVE-2023-39410
- CVE-2023-2976
- CVE-2023-46589
- CVE-2023-2976
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.