CVE-2024-21673

CWE-94 — Code Injection4 documents4 sources

Severity

8.8HIGH

EPSS

9.2%

top 7.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Confluence Data Center Atlassian Confluence Server

Timeline

PublishedJan 16

Description

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDatlassian/confluence_data_center7.19.0 — 7.19.18+2

▶CVEListV5atlassian/confluence_data_center10 versions+9

▶NVDatlassian/confluence_server7.19 — 7.19.18+2

▶CVEListV5atlassian/confluence_server10 versions+9

🔴Vulnerability Details

GHSA

GHSA-jp7h-g39h-xfp6: This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7↗2024-01-16

▶

CVEList

CVE-2024-21673: This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7↗2024-01-16

▶

📋Vendor Advisories

Atlassian

CVE-2024-21673: RCE (Remote Code Execution) in Confluence Data Center and Server↗2024-01-16

▶