QID 731321

Confluence is team collaboration software written in Java.

CVE-2024-21677: This org.eclipse.jetty:jetty-http Dependency allows an unauthenticated attacker to expose assets in the environment susceptible to exploitation which has high impact on availability, and requires no user interaction.
Affected version:
Confluence Data Center and Server 8.8.0
Confluence Data Center and Server 8.7.0 to 8.7.2
Confluence Data Center and Server 8.6.0 to 8.6.2
Confluence Data Center and Server 8.5.0 to 8.5.6 LTS
Confluence Data Center and Server 8.4.0 to 8.4.5
Confluence Data Center and Server 8.3.0 to 8.3.4
Confluence Data Center and Server 8.2.0 to 8.2.3.
Confluence Data Center and Server 8.1.0 to 8.1.4.
Confluence Data Center and Server 8.0.0 to 8.0.4.
Confluence Data Center and Server 7.20.0 to 7.20.3.
Confluence Data Center and Server 7.19.0 to 7.19.19 LTS.
Confluence Data Center and Server 7.18.0 to 7.18.3.
Confluence Data Center and Server 5.3 to 7.17.5.

QID Detection Logic(Unauthenticated):
It checks for vulnerable versions of Atlassian Confluence Server.

QID Detection Logic(Authenticated):
Operating System: (Windows) The QID checks for vulnerable versions of the Confluence Server.BR> Note: The QID will only detect MSI installation on Windows.
Operating System: (Unix)
The QID checks for vulnerable versions of the Confluence Server advised by the vendor.

Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.