This high severity Patch Management vulnerability was introduced in version 7.13.15 of Confluence Data Center & Server.
This Patch Management vulnerability, with CVSS Score(s) of 7.5, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction.
The following Confluence Data Center & Server versions are affected:
>= 7.13.15 < 7.13.19
>= 7.19.7 < 7.19.11
>= 8.1.1 < 8.4.1
Atlassian recommends that you upgrade your instance to latest version, if you’re unable to do so, upgrade to these fixed versions: 7.13.19, 7.19.11, 8.4.1. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives]).
The following is the listed NVD description for this vulnerability’s CVE: