VDB
WID-SEC-W-2024-1401
PUBLISHED
CVSS 8.7 HIGH
Crucible is a code review solution for enterprise teams. Fisheye is a source code repository browser for enterprise teams.
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Fisheye | <4.8.15 |
| Atlassian | Crucible | <4.8.15 |
Exploit Intelligence
- CVE-2024-21683 Confluence Post Auth RCE (github-poc)
- phucrio/CVE-2024-21683-RCE (github-poc)
- This vulnerability could allow an attacker to take complete control of a vulnerable Confluence server. This could allow the attacker to steal data, modify data, or disrupt the availability of the server. (github-poc)
- CVE-2024-21683 Confluence Post Auth RCE (github-poc)
- This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server. (github-poc)
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1401.json (circl)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1401 (circl)
- https://jira.atlassian.com/browse/CRUC-8646 (circl)
- druid-612f0710.json (github-poc)
- suppression.xml (github-poc)
…and 1 more exploits
Timeline
- Jun 18, 2024 CVE Published