Confluence Data Center and Server update for spring-security-core
Published: 2024-06-19
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-22257 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Confluence Data Center Server applications / Other server solutions Atlassian Confluence Server Server applications / Web servers |
| Vendor | Atlassian |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper access control
EUVDB-ID: #VU87607
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22257
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions when the "AuthenticatedVoter#vote" passing a "null" Authentication parameter. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsConfluence Data Center: 1.1.2 - 8.9.0
Atlassian Confluence Server: 1.1.2 - 8.9.0
CPE2.3- cpe:2.3:a:atlassian:confluence_data_center:8.5.8:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.9.0:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.19.21:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.8.1:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.7.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.6.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.4.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.1.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.3.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.13.20:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.2.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:8.0.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.20.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.18.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.17.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.16.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.15.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.14.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.12.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.11.6:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.10.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.9.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.8.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.7.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.6.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.5.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.4.18:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.3.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.2.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.1.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:7.0.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.15.10:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.14.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.13.23:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.12.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.11.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.10.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.9.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.8.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.7.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.6.17:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.5.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.4.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.3.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.2.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.1.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:6.0.7:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.10.9:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.9.14:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.8.18:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.7.6:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.6.6:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.5.7:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.4.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.3.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.2.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.1.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:5.0.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:4.3.7:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:4.2.13:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:4.1.10:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:4.0.7:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:3.5.17:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:3.4.9:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:3.3.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:3.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:3.1.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:3.0.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:2.10.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:2.9.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:2.8.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:2.7.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:2.6.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:2.2.10:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:2.1.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:2.0.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:1.4.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:1.3.6:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:1.2.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:confluence_data_center:1.1.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.5.8:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.9.0:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.19.21:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.8.1:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.7.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.6.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.4.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.1.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.3.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.13.20:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.2.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.10.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.9.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.8.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.7.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.6.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:8.0.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.20.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.18.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.16.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.4.18:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.15.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.14.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.17.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.13.23:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.11.6:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.12.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.2.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.5.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.3.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.1.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:7.0.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.15.10:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.14.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.12.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.11.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.10.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.9.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.8.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.7.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.6.17:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.5.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.4.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.3.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.2.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.1.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:6.0.7:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.10.9:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.9.14:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.8.18:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.7.6:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.6.6:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.5.7:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.4.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.3.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.2.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.1.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:5.0.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:4.3.7:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:4.2.13:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:4.1.10:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:4.0.7:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:3.5.17:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:3.4.9:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:3.3.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:3.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:3.1.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:3.0.2:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:2.10.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:2.9.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:2.8.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:2.7.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:2.6.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:2.2.10:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:2.1.5:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:2.0.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:1.4.4:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:1.3.6:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:1.2.3:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:atlassian_confluence_server:1.1.2:*:*:*:*:*:*:
http://jira.atlassian.com/browse/CONFSERVER-95840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
