BSI has revealed the present IT safety discover for Atlassian Confluence. Several dangers have been recognized. You can discover out extra in regards to the affected functions and merchandise and the CVE numbers right here at information.de.
Federal Office for Security in Information Technology (BSI) revealed a safety advisory for Atlassian Confluence on May 21, 2024. The report highlights a number of vulnerabilities that could possibly be exploited by attackers. The safety vulnerability impacts UNIX and Windows functions and the Atlassian Confluence product.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Atlassian vulnerability CONFSERVER-95834 (From 21 May 2024). Some helpful assets are listed later on this article.
Multiple vulnerabilities have been reported for Atlassian Confluence – Risk: High
Risk degree: 4 (excessive)
CVSS Base Score: 9.8
CVSS provisional rating: 8,5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in pc techniques. The CVSS normal makes it doable to check potential or precise safety dangers primarily based on numerous metrics with a view to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For short-term impact, body situations which will change over time are thought-about within the check. The magnitude of the present vulnerability is classed as “excessive” in accordance with the CVSS with a base rating of 9.8.
Atlassian Confluence Bug: Vulnerability and CVE numbers
Confluence is a industrial wiki software program.
A distant, unknown attacker may exploit a number of vulnerabilities in Atlassian Confluence to execute arbitrary code, expose delicate data, and trigger a denial of service.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) product numbers. CVE-2024-1597, CVE-2024-21683, CVE-2024-23672, CVE-2024-24549 and CVE-2023-45859 on the market.
Systems affected by the safety hole at a look
Operating techniques
UNIX, Windows
Products
Atlassian Confluence Atlassian Confluence Atlassian Confluence Atlassian Confluence
General suggestions for addressing IT safety gaps
- Users of affected techniques ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically comprises further details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you might have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to test each time a producing firm makes a brand new safety replace obtainable.
Manufacturer details about updates, patches and workarounds
Here you’ll find some hyperlinks with details about bug experiences, safety fixes and workarounds.
Atlassian Vulnerability CONFSERVER-95834 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Vulnerability CONFSERVER-95835 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Vulnerability CONFSERVER-95832 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Vulnerability CONFSERVER-95837 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Vulnerability CONFSERVER-95839 vom 2024-05-21 (21.05.2024)
For extra data, see:
Atlassian Security Bulletin May 2024 vom 2024-05-21 (21.05.2024)
For extra data, see:
Version historical past of this safety alert
This is the primary model of this IT safety discover for Atlassian Confluence. If updates are introduced, this doc shall be up to date. You can see the adjustments made utilizing the model historical past under.
May 21, 2024 – First model
+++ Editorial word: This doc is predicated on present BSI information and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
Follow up News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll find scorching information, present movies and a direct line to the editorial group.
kns/roj/information.de