Vulnerability Title
N/A
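Vulnerability Description
This High severity remote code execution (RCE) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
This RCE (remote code execution) vulnerability, with a CVSS score of 7.2, allows an authenticated attacker to execute arbitrary code, with high impact to confidentiality, integrity and availability, and requires no user interaction.
Atlassian recommends that Confluence Data Center and Server users upgrade to the latest version. If that is not possible, upgrade the instance to one of the specified supported fixed versions. See the release notes: https://confluence.atlassian.com/doc/confluence-release-notes-327.html
You can download the latest version of Confluence Data Center and Server from the download center: https://www.atlassian.com/software/confluence/download-archives.
This vulnerability was found internally.
CVSS Information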
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Improper control of generation of code (code injection)
Vulnerability Title
N/A
Vulnerability Description
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes: https://confluence.atlassian.com/doc/confluence-release-notes-327.html
You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.
This vulnerability was found internally.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
N/A
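Vulnerability Title
Atlassian Confluence Security Vulnerability
Vulnerability Description
Atlassian Confluence is a professional enterprise knowledge management and collaboration software suite from Atlassian of Australia, which can also be used to build enterprise wikis. A security vulnerability exists in Atlassian Confluence Data Center and Server. It stems from a remote code execution issue that allows an authenticated attacker to execute arbitrary code.
CVSS Information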
N/A
Vulnerability Category
Other