Remote Code Execution Vulnerability in Confluence Data Center and Server by Atlassian
CVE-2024-21674

7.5 HIGH

Key Information:

Vendor: Atlassian
CVE Published: 16 January 2024

Summary

A Remote Code Execution vulnerability exists within Atlassian's Confluence Data Center and Server, introduced in version 7.13.0. This flaw enables unauthenticated attackers to execute arbitrary code, potentially exposing sensitive assets within a user's environment. The vulnerability predominantly affects confidentiality, leaving integrity and availability intact, and does not require any user interaction for exploitation. To mitigate risks associated with CVE-2024-21674, it is crucial for users to upgrade to specific versions as recommended by Atlassian, ensuring their systems are safeguarded against potential threats.

Affected Version(s)

Confluence Data Center >= 7.19.0 < 7.19.0

Confluence Data Center >= 8.0.0 >= 8.0.0

Confluence Data Center >= 8.1.0 >= 8.1.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

DDV_UA