CVE-2024-21683 — Vulnetix

CVE-2024-21683 PUBLISHED CVSS 7.199999809265137 HIGH

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an admin-authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. \n h2. Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: |Affected versions|Fixed versions| |8.9.0|8.9.1| |from 8.8.0 to 8.8.1|8.9.1| |from 8.7.0 to 8.7.2|8.9.1| |from 8.6.0 to 8.6.2|8.9.1| |from 8.5.0 to 8.5.8 LTS|8.9.1 or 8.5.9 LTS recommended| |from 8.4.0 to 8.4.5|8.9.1 or 8.5.9 LTS recommended| |from 8.3.0 to 8.3.4|8.9.1 or 8.5.9 LTS recommended| |from 8.2.0 to 8.2.3|8.9.1 or 8.5.9 LTS recommended| |from 8.1.0 to 8.1.4|8.9.1 or 8.5.9 LTS recommended| |from 8.0.0 to 8.0.4|8.9.1 or 8.5.9 LTS recommended| |from 7.20.0 to 7.20.3|8.9.1 or 8.5.9 LTS recommended| |from 7.19.0 to 7.19.21 LTS|8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS| |from 7.18.0 to 7.18.3|8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS| |from 7.17.0 to 7.17.5|8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS| |Any earlier versions|8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS| \n h2. Server Atlassian recommends that Confluence Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: |Affected versions|Fixed versions| |from 8.5.0 to 8.5.8 LTS|8.5.9 LTS recommended| |from 8.4.0 to 8.4.5|8.5.9 LTS recommended| |from 8.3.0 to 8.3.4|8.5.9 LTS recommended| |from 8.2.0 to 8.2.3|8.5.9 LTS recommended| |from 8.1.0 to 8.1.4|8.5.9 LTS recommended| |from 8.0.0 to 8.0.4|8.5.9 LTS recommended| |from 7.20.0 to 7.20.3|8.5.9 LTS recommended| |from 7.19.0 to 7.19.21 LTS|8.5.9 LTS recommended or 7.19.22 LTS| |from 7.18.0 to 7.18.3|8.5.9 LTS recommended or 7.19.22 LTS| |from 7.17.0 to 7.17.5|8.5.9 LTS recommended or 7.19.22 LTS| |Any earlier versions|8.5.9 LTS recommended or 7.19.22 LTS| \n h2. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was found internally.

EPSS 94.05% · 99.9th percentile

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

94.05%

99.9th percentile

Affected Products

Vendor	Product	Versions
Atlassian	Confluence Data Center

Timeline

Jan 20, 1970 Metasploit Module
Jan 20, 1970 VulnCheck XDB Entry
Jan 20, 1970 Nuclei Template
Jan 20, 1970 Fix Commit
Jan 20, 1970 VulnCheck XDB Entry
Jan 20, 1970 VulnCheck XDB Entry
Jan 21, 1970 VulnCheck XDB Entry
Apr 7, 2022 PoC Published
Oct 21, 2023 PoC Published
May 21, 2024 CVE Published
May 22, 2024 EPSS Score
May 23, 2024 VulnCheck KEV Exploitation

References

https://jira.atlassian.com/browse/CONFSERVER-95832 issue

Open in Interactive Console →

$ Console Community · 100/wk Open console ›