Remote Code Execution Vulnerability in Atlassian Confluence Data Center and Server
CVE-2024-21672

8.3 HIGH

Key Information:

Vendor
Atlassian
CVE Published:
16 January 2024

Badges

👾 Exploit Exists

Summary

A remote code execution vulnerability exists in Atlassian Confluence Data Center and Server. It was introduced in version 2.1.0. The flaw permits an unauthenticated attacker to exploit exposed assets in the affected environment, posing significant risks to confidentiality, integrity, and availability. Exploitation requires user interaction. Atlassian recommends upgrading to the latest version or to one of the specific supported fixed versions. Users of Confluence Data Center and Server should prioritize these upgrades to mitigate the risk.

Affected Version(s)

Confluence Data Center >= 7.19.0 < 7.19.0

Confluence Data Center >= 8.0.0 >= 8.0.0

Confluence Data Center >= 8.1.0 >= 8.1.0

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

DDV_UA