Atlassian Fixes CVE-2024-21687 & CVE-2024-21686 Vulnerabilities in Bamboo and Confluence

In a recent security advisory, Atlassian, a renowned software company known for its collaboration and productivity tools, has disclosed two high-severity vulnerabilities affecting its widely used products, Bamboo and Confluence. These security flaws have the potential to compromise sensitive data and disrupt operations for organizations relying on these platforms.

CVE-2024-21687 (CVSS 8.1): File Inclusion Vulnerability in Bamboo

The first vulnerability, tracked as CVE-2024-21687, impacts Bamboo Data Center and Server versions 9.0.0 through 9.6.3. This file inclusion vulnerability could enable an attacker to view the contents of local files or execute other files stored on the server, posing a significant risk to data confidentiality and integrity.

CVE-2024-21686 (CVSS 7.3): Stored XSS Vulnerability in Confluence

The second vulnerability, identified as CVE-2024-21686, affects Confluence Data Center and Server versions 7.13 and above. This stored cross-site scripting (XSS) vulnerability could allow an attacker to inject malicious code into web pages viewed by other users, potentially leading to unauthorized access or data theft.

Update Now

Atlassian strongly recommends that Bamboo and Confluence users upgrade to the latest version or one of the specified fixed versions to mitigate these vulnerabilities. Failure to address them could result in severe breaches of confidentiality and integrity, potentially compromising sensitive data and operations. For more detailed information and updates, visit Atlassian’s official security advisory page.