Atlassian Confluence 3.x < 7.19.30 / 7.20.x < 8.5.18 / 8.6.x < 9.1.1 / 9.2.0 (CONFSERVER-98842)

🗓️ 06 Feb 2025 00:00:00Reported by TenableType

Atlassian Confluence versions are vulnerable to path traversal attacks affecting file security.

Reporter	Title	Published	Views	Family All 89
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench	30 Oct 202520:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager	20 Aug 202502:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge	11 Mar 202619:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024	26 Nov 202409:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities	27 Mar 202516:26	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Spring WebMvc affects watsonx.data	7 Feb 202510:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	15 Mar 202510:38	–	ibm
IBM Security Bulletins	Security Bulletin: vulerability in IBM Spectrum Symphony with spring webmvc	23 Oct 202520:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2025.	12 Jan 202617:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.11.jar CVE-2024-38819	28 Jan 202522:08	–	ibm

Source	Link
jira	www.jira.atlassian.com/browse/CONFSERVER-98842
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(215063);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/02/06");

  script_cve_id("CVE-2024-38819");

  script_name(english:"Atlassian Confluence 3.x < 7.19.30 / 7.20.x < 8.5.18 / 8.6.x < 9.1.1 / 9.2.0 (CONFSERVER-98842)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Atlassian Confluence host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in
the CONFSERVER-98842 advisory.

  - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are
    vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on
    the file system that is also accessible to the process in which the Spring application is running.
    (CVE-2024-38819)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/CONFSERVER-98842");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Atlassian Confluence version 7.19.30, 8.5.18, 9.1.1, 9.2.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38819");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/10/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/02/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:confluence");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("confluence_detect.nasl", "confluence_nix_installed.nbin", "confluence_win_installed.nbin");
  script_require_keys("installed_sw/Atlassian Confluence");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'Atlassian Confluence');

var constraints = [
  { 'min_version' : '3.0', 'fixed_version' : '7.19.30' },
  { 'min_version' : '7.20.0', 'fixed_version' : '8.5.18' },
  { 'min_version' : '8.6.0', 'fixed_version' : '9.1.1', 'fixed_display' : '9.1.1 / 9.2.0' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);

06 Feb 2025 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.5

EPSS0.93507

SSVC