QID 731282

Confluence is team collaboration software written in Java.

CVE-2024-21677: This Path Traversal vulnerability, allows an unauthenticated attacker to exploit an undefinable vulnerability which has a high impact on confidentiality, high impact to integrity, high impact to availability and requires user interaction.
CVE-2023-36478: This org.eclipse.jetty:jetty-http Dependency vulnerability, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction.

Affected version:
Confluence Data Center and Server 8.8.0
Confluence Data Center and Server 8.7.0 to 8.7.2
Confluence Data Center and Server 8.6.0 to 8.6.2
Confluence Data Center and Server 8.5.0 to 8.5.6 LTS
Confluence Data Center and Server 8.4.0 to 8.4.5
Confluence Data Center and Server 8.3.0 to 8.3.4
Confluence Data Center and Server 8.2.0 to 8.2.3.
Confluence Data Center and Server 8.1.0 to 8.1.4.
Confluence Data Center and Server 8.0.0 to 8.0.4.
Confluence Data Center and Server 7.20.0 to 7.20.3.
Confluence Data Center and Server 7.19.0 to 7.19.19 LTS.
Confluence Data Center and Server 7.18.0 to 7.18.3.
Confluence Data Center and Server 7.17.0 to 7.17.5.
Any earlier versions than 7.17.0.

QID Detection Logic(Unauthenticated):
It checks for vulnerable versions of Atlassian Confluence Server.

QID Detection Logic(Authenticated):
Operating System: (Windows) The QID checks for vulnerable versions of the Confluence Server.BR> Note: The QID will only detect MSI installation on Windows.
Operating System: (Unix)
The QID checks for vulnerable versions of the Confluence Server advised by the vendor.

Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.