Atlassian Confluence 3.x < 7.19.29 / 8.0.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.1 < 9.1.1 (CONFSERVER-98484)

🗓️ 06 Feb 2025 00:00:00Reported by TenableType

Atlassian Confluence versions are vulnerable to path traversal attacks via specific static resource configurations.

Reporter	Title	Published	Views	Family All 71
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench	30 Oct 202520:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in VMware Tanzu Spring [CVE-2024-38816]	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager	20 Aug 202502:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge	11 Mar 202619:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to spring-webmvc-6.1.12 (CVE-2024-38816)	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	15 Mar 202510:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2024-38816, CVE-2024-38808, CVE-2024-35952)	19 Jun 202505:35	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for Junuary 2025.	7 Feb 202518:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar	8 Jul 202506:43	–	ibm

Source	Link
jira	www.jira.atlassian.com/browse/CONFSERVER-98484
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(215061);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/02/06");

  script_cve_id("CVE-2024-38816");

  script_name(english:"Atlassian Confluence 3.x < 7.19.29 / 8.0.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.1 < 9.1.1 (CONFSERVER-98484)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Atlassian Confluence host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in
the CONFSERVER-98484 advisory.

  - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are
    vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on
    the file system that is also accessible to the process in which the Spring application is running.
    Specifically, an application is vulnerable when both of the following are true: * the web application uses
    RouterFunctions to serve static resources * resource handling is explicitly configured with a
    FileSystemResource location However, malicious requests are blocked and rejected when any of the following
    is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-
    security/reference/servlet/exploits/firewall.html is in use * the application runs on Tomcat or Jetty
    (CVE-2024-38816)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/CONFSERVER-98484");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Atlassian Confluence version 7.19.29, 8.5.17, 8.9.8, 9.1.1 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38816");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/02/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:confluence");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("confluence_detect.nasl", "confluence_nix_installed.nbin", "confluence_win_installed.nbin");
  script_require_keys("installed_sw/Atlassian Confluence");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'Atlassian Confluence');

var constraints = [
  { 'min_version' : '3.0.0', 'fixed_version' : '7.19.29' },
  { 'min_version' : '8.0.1', 'fixed_version' : '8.5.17' },
  { 'min_version' : '8.6.0', 'fixed_version' : '8.9.8' },
  { 'min_version' : '9.0.1', 'fixed_version' : '9.1.1' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);

06 Feb 2025 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.5

EPSS0.9389

SSVC