CVE-2024-21683

high-risk

Published 2024-05-21

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.

Do I need to act?

94.1% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (19)

Confluence Data Center

Confluence Server

Fisheye

Crucible

Jira Data Center

Jira Server

Jira Service Management

Affected Vendors

Atlassian

References (2)

Vendor Advisory https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211

Issue Tracking https://jira.atlassian.com/browse/CONFSERVER-95832

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 20/34 · Moderate

Exposure 19/34 · Moderate