Details
Type: Bug
Status: Done
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.26.4
Critical Points: 0
Description
A security vulnerability has been discovered in Community Forums for Confluence. The vulnerability is classified as high according to Atlassian's security severity levels and only affects the Forums menu. We strongly recommend that customers update to version 2.26.4 or later of Community Forums as soon as possible.
About the vulnerability
The vulnerability affects the Forums menu in all versions of Community Forums for Confluence after version 2.4. It allows a malicious user to inject a persistent cross-site scripting (XSS) attack into the Forums menu. We have not detected any instances of this vulnerability being exploited across our entire customer base.
How to fix the vulnerability
This vulnerability can be fixed by upgrading to Community Forums for Confluence 2.26.4 or above. Full instructions on how to upgrade an app can be found on Atlassian's support page.
If you are unable to upgrade at this time, we recommend you disable the Forums menu in the Community Forums for Confluence section of the Confluence Administrator menu.
For more information on how to do this, please visit our documentation.
If you have urgent questions, please contact our support team.