CVE-2024-21672

CWE-94: Code Injection
4 documents, 4 sources
Severity: 8.8 HIGH
EPSS: 7.2% (top 8.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 16

Description

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interactio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | atlassian/confluence_data_center | 7.19.0 7.19.18 +2
CVEListV5 | atlassian/confluence_data_center | 9 versions +8
NVD | atlassian/confluence_server | 7.19 7.19.18 +2
CVEListV5 | atlassian/confluence_server | 9 versions +8

🔴 Vulnerability Details (2)

CVEList | CVE-2024-21672: This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2 | 2024-01-16
GHSA | GHSA-pcmh-49qc-2rx3: This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2 | 2024-01-16

📋 Vendor Advisories (1)

Atlassian | CVE-2024-21672: RCE (Remote Code Execution) in Confluence Data Center and Server | 2024-01-16