CVE-2024-37890 — Vulnetix

CVE-2024-37890 PUBLISHED CVSS 7.5 HIGH

This High severity vulnerability known as CVE-2024-37890 was introduced in 3.3.3, 9.4.0, 9.2.3 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.10 * Confluence Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.1 * Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.5 * Confluence Data Center and Server 9.5: Upgrade to a release greater than or equal to 9.5.1 * Confluence Data Center and Server 10.1: Upgrade to a release greater than or equal to 10.1.0 * Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2 See the release notes. You can download the latest version of Confluence Data Center and Server from the download center.

EPSS 0.54% · 67.5th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.54%

67.5th percentile

Affected Products

Vendor	Product	Versions
Atlassian	Confluence Server
Atlassian	Confluence Data Center

Timeline

Jan 20, 1970 Fix PR Merged
Jan 21, 1970 Security Advisory
Feb 8, 2024 PoC Published
Jun 17, 2024 CVE Published
Jun 18, 2024 EPSS Score
Jul 10, 2024 EPSS Score
Aug 1, 2024 EPSS Score
Sep 15, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 7, 2024 EPSS Score
Oct 29, 2024 EPSS Score
Nov 20, 2024 EPSS Score

References

https://jira.atlassian.com/browse/CONFSERVER-101477 issue

Open in Interactive Console →