Robert Vogel (talk | contribs) Created page with "{| class="wikitable" |+ ! ! |- |Date |2026-06-22 |- |Severity |reported "high", BlueSpice assessment: '''not affected''' |- |Affected |<code>bluespice/migrate-confluence</code> Docker image (all versions) |- |Fixed in |Next regular update |- |CVE | * [https://nvd.nist.gov/vuln/detail/CVE-2026-8376 CVE-2026-8376] |} ==Problem== {| class="wikitable" !'''CVE''' !'''Component''' !'''Type of vulnerability''' !'''BlueSpice 5''' |- |CVE-2026-8376 |<code>bluespice/migrate-confl..." |
(No difference)
|
Latest revision as of 08:38, 22 June 2026
| Date | 2026-06-22 |
| Severity | reported "high", BlueSpice assessment: not affected |
| Affected | bluespice/migrate-confluence Docker image (all versions)
|
| Fixed in | Next regular update |
| CVE |
Problem
| CVE | Component | Type of vulnerability | BlueSpice 5 |
|---|---|---|---|
| CVE-2026-8376 | bluespice/migrate-confluence
|
Heap Buffer Overflow (Perl regex compilation, 32-bit only) | not affected |
Impact assessment
| CVE | Assessment | Mitigation without update |
|---|---|---|
| CVE-2026-8376 | Not affected. The vulnerability only applies to 32-bit Perl builds; the bluespice/migrate-confluence Docker image uses a 64-bit base image and therefore runs a 64-bit Perl. Additionally, the regular expressions used in the application are part of the application logic and cannot be injected by an attacker.
|
No action required. |
Solution
No immediate action required. The affected library will be updated in the next regular release.
