Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2024-21683
Severity
8.8 HIGH
EPSS
94.1%
top 0.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: May 21
Latest update: Sep 24
Description
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code, with high impact to confidentiality, high impact to integrity and high impact to availability, and requires no user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you a…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 8 packages
Vulnerability Details
Exploits & PoCs (3)
Nuclei (2)
Atlassian Confluence Data Center and Server - Remote Code Execution
Detection Rules
Suricata (1)
ET WEB_SPECIFIC_APPS Atlassian Confluence Data Center and Server Authenticated RCE (CVE-2024-21683), 2024-09-24
Vendor Advisories
Atlassian (8)
CVE-2024-21685: 5.16.0 to 5.16.1 Data Center Only 5.12.8 to 5.12.10 (LTS) recommended 5.4.21 to 5.4.23 (LTS)
CVE-2024-22257: 8.9.0 to 8.9.2 8.8.0 to 8.8.1 8.7.1 to 8.7.2 8.6.0 to 8.6.2 8.5.0 to 8.5.10 (LTS) 8.4.0 to 8.4.5 8.3.0 to 8.3.4 8.2.0 to
CVE-2024-22243: SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server
CVE-2024-29133: DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server
CVE-2024-29131: DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server