Remote Code Execution Vulnerability in Confluence Data Center and Server by Atlassian
CVE-2024-21673

8HIGH

Key Information:

Vendor
Atlassian
Status
Confluence Data Center
Confluence Server
Vendor
CVE Published:
16 January 2024

Summary

A notable Remote Code Execution (RCE) vulnerability has been identified in Atlassian's Confluence Data Center and Server, originating from versions 7.13.0 and onwards. This vulnerability allows authenticated attackers to execute arbitrary code remotely, leading to severe risks regarding the confidentiality, integrity, and availability of the affected systems. Notably, the intrusion does not necessitate user interaction, which heightens the risk of unauthorized access to sensitive assets. To mitigate these risks, users are strongly advised to upgrade to the latest supported versions of Confluence, namely 7.19.18 or higher for the 7.19 series, 8.5.5 or higher for the 8.5 series, and 8.7.2 or higher for the 8.7 series. Further details can be found in the Atlassian release notes.

Affected Version(s)

Confluence Data Center >= 7.13.0 < 7.13.0

Confluence Data Center >= 7.19.0 >= 7.19.0

Confluence Data Center >= 8.0.0 >= 8.0.0

References

https://jira.atlassian.com/browse/CONFSERVER-94065

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

xiaoc
.