Atlassian Confluence 2.2.x < 8.5.21 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 (CONFSERVER-99568)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(237198);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/23");

  script_cve_id("CVE-2024-47072");
  script_xref(name:"IAVA", value:"2025-A-0369");

  script_name(english:"Atlassian Confluence 2.2.x < 8.5.21 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 (CONFSERVER-99568)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Atlassian Confluence host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in
the CONFSERVER-99568 advisory.

  - XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a
    remote attacker to terminate the application with a stack overflow error resulting in a denial of service
    only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver.
    XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the
    stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users
    unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is
    configured to use the BinaryStreamDriver. (CVE-2024-47072)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/CONFSERVER-99568");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Atlassian Confluence version 8.5.21, 9.2.2, 9.3.2 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-47072");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/23");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:confluence");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("confluence_detect.nasl", "confluence_nix_installed.nbin", "confluence_win_installed.nbin");
  script_require_keys("installed_sw/Atlassian Confluence");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'Atlassian Confluence');

var constraints = [
  { 'min_version' : '2.2.0', 'fixed_version' : '8.5.21' },
  { 'min_version' : '8.6.0', 'fixed_version' : '9.2.2' },
  { 'min_version' : '9.3.1', 'fixed_version' : '9.3.2' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);