Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2024-21683
HistoryMay 21, 2024 - 11:15 p.m.

CVE-2024-21683

2024-05-2123:15:07
[email protected]
web.nvd.nist.gov
336
23
rce vulnerability
confluence data center
confluence server
cvss score 8.3
atlassian
upgrade
release notes
download center
confidentiality impact
integrity impact
availability impact
no user interaction
patching

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.511 Medium

EPSS

Percentile

97.6%

JSON

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.

This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.

Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html

You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.

This vulnerability was found internally.

Affected configurations

NVD
Node
atlassianconfluence_data_centerRange7.19.07.19.22lts
OR
atlassianconfluence_data_centerRange7.20.07.20.3
OR
atlassianconfluence_data_centerRange8.0.08.0.4
OR
atlassianconfluence_data_centerRange8.1.08.1.4
OR
atlassianconfluence_data_centerRange8.2.08.2.3
OR
atlassianconfluence_data_centerRange8.3.08.3.4
OR
atlassianconfluence_data_centerRange8.4.08.4.5
OR
atlassianconfluence_data_centerRange8.5.08.5.9lts
OR
atlassianconfluence_data_centerRange8.6.08.6.2
OR
atlassianconfluence_data_centerMatch8.7.1
OR
atlassianconfluence_data_centerMatch8.7.2
OR
atlassianconfluence_data_centerMatch8.8.0
OR
atlassianconfluence_data_centerMatch8.8.1
OR
atlassianconfluence_data_centerMatch8.9.0
Node
atlassianconfluence_serverRange7.19.07.19.22lts
OR
atlassianconfluence_serverRange7.20.07.20.3
OR
atlassianconfluence_serverRange8.0.08.0.4
OR
atlassianconfluence_serverRange8.1.08.1.4
OR
atlassianconfluence_serverRange8.2.08.2.3
OR
atlassianconfluence_serverRange8.3.08.3.4
OR
atlassianconfluence_serverRange8.4.08.4.5
OR
atlassianconfluence_serverRange8.5.08.5.9lts
OR
atlassianconfluence_serverRange8.6.08.6.2
OR
atlassianconfluence_serverMatch8.7.1
OR
atlassianconfluence_serverMatch8.7.2
OR
atlassianconfluence_serverMatch8.8.0
OR
atlassianconfluence_serverMatch8.8.1
OR
atlassianconfluence_serverMatch8.9.0

CNA Affected

[
  {
    "vendor": "Atlassian",
    "product": "Confluence Data Center",
    "versions": [
      {
        "version": "8.9.0",
        "status": "affected"
      },
      {
        "version": "8.8.0 to 8.8.1",
        "status": "affected"
      },
      {
        "version": "8.7.1 to 8.7.2",
        "status": "affected"
      },
      {
        "version": "8.6.0 to 8.6.2",
        "status": "affected"
      },
      {
        "version": "8.5.0 to 8.5.8",
        "status": "affected"
      },
      {
        "version": "8.4.0 to 8.4.5",
        "status": "affected"
      },
      {
        "version": "8.3.0 to 8.3.4",
        "status": "affected"
      },
      {
        "version": "8.2.0 to 8.2.3",
        "status": "affected"
      },
      {
        "version": "8.1.0 to 8.1.4",
        "status": "affected"
      },
      {
        "version": "8.0.0 to 8.0.4",
        "status": "affected"
      },
      {
        "version": "7.20.0 to 7.20.3",
        "status": "affected"
      },
      {
        "version": "7.19.0 to 7.19.21",
        "status": "affected"
      },
      {
        "version": "8.9.1 to 8.9.2",
        "status": "unaffected"
      },
      {
        "version": "8.5.9 to 8.5.10",
        "status": "unaffected"
      },
      {
        "version": "7.19.22 to 7.19.23",
        "status": "unaffected"
      }
    ]
  }
]

Social References

More

Related

nvd 1
githubexploit 3
cvelist 1
nuclei 1
vulnrichment 1
nessus 1
nvd
nvd
CVE-2024-21683
2024-05-21 23:15:07
githubexploit
githubexploit
Exploit for CVE-2024-21683
2024-05-27 11:14:54
Exploit for CVE-2024-21683
2024-05-23 09:05:40
Exploit for CVE-2024-21683
2024-06-04 12:00:00
cvelist
cvelist
CVE-2024-21683
2024-05-21 23:00:00
nuclei
nuclei
Atlassian Confluence Data Center and Server - Remote Code Execution
2024-05-24 21:22:59
vulnrichment
vulnrichment
CVE-2024-21683
2024-05-21 23:00:00
nessus
nessus
Atlassian Confluence 5.2 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 RCE (CONFSERVER-95832)
2024-05-24 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.511 Medium

EPSS

Percentile

97.6%

JSON
Related for CVE-2024-21683
nvd1githubexploit3cvelist1nuclei1vulnrichment1nessus1