Atlassian fixes High Severity Vulnerabilities - CVE-2024-21686 & CVE-2024-21687

Atlassian has released patches for two high-severity vulnerabilities affecting its widely used products, Bamboo and Confluence. These security flaws have the potential to compromise sensitive data and disrupt operations for organizations relying on these platforms.

The first vulnerability, tracked as CVE-2024-21687 with a CVSS score of 8.1, impacts Bamboo Data Center and Server versions 9.0.0 through 9.6.3. This file inclusion vulnerability could enable an attacker to view the contents of local files or execute other files stored on the server, posing a significant risk to data confidentiality and integrity.

The second vulnerability, identified as CVE-2024-21686 with a CVSS score of 7.3, affects Confluence Data Center and Server versions 7.13 and above. This stored cross-site scripting (XSS) vulnerability could allow an attacker to inject malicious code into web pages viewed by other users, potentially leading to unauthorized access or data theft.

Atlassian strongly recommends that Bamboo and Confluence users upgrade to the latest version or one of the specified fixed versions to mitigate these vulnerabilities. Leaving them unaddressed could result in severe breaches of confidentiality and integrity, potentially compromising sensitive data and operations.

For more detailed information and updates, visit Atlassian’s official security advisory page.
