CVE-2024-21674

CWE-94: Code Injection | 4 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 2.5% (top 14.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 16

Description

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. The vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation, which has high impact to confidentiality, no impact to integrity, and no impact to availability, and does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD | atlassian/confluence_data_center | 7.19.0 | 7.19.18 | +2
CVEListV5 | atlassian/confluence_data_center | 9 versions | +8
NVD | atlassian/confluence_server | 7.19 | 7.19.18 | +2
CVEListV5 | atlassian/confluence_server | 9 versions | +8

Vulnerability Details (2)

GHSA | GHSA-p3fj-jhx6-26mr: This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7 | 2024-01-16
CVEList | CVE-2024-21674: This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7 | 2024-01-16

Vendor Advisories (1)

Atlassian | CVE-2024-21674: RCE (Remote Code Execution) in Confluence Data Center and Server | 2024-01-16