High Severity RCE Vulnerability Affects Atlassian Confluence Data Center and Server
Key Information
- Vendor
- Atlassian
- Status
- Confluence Data Center
- Vendor
- CVE Published:
- 21 May 2024
Badges
Summary
The high severity RCE vulnerability, tracked as CVE-2024-21683, affects Atlassian Confluence Data Center and Server, with a CVSS Score of 8.3. It allows an authenticated attacker to execute arbitrary code, potentially resulting in complete system takeovers, deployment of malware, system configuration changes, and login credential exfiltration. More than 200,000 instances of Atlassian Confluence Data Center and Server are vulnerable, with the U.S. having the highest number of exposures. Atlassian discovered the vulnerability internally and has released fixed versions of the software. It is advised for organizations to upgrade to the latest versions to mitigate the risks associated with this vulnerability. No known ransomware exploitation of this vulnerability has been reported.
Affected Version(s)
Confluence Data Center = 8.9.0
Confluence Data Center = 8.8.0 to 8.8.1
Confluence Data Center = 8.7.1 to 8.7.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Atlassian Confluence Flaw Enables Remote Code Execution - Spiceworks
Explore the details of a critical vulnerability in Atlassian Confluence that enables remote code execution. Learn how users can protect their systems with prompt updates.
5 months ago
Vulnerability Recap 6/10/24: RCE Attacks in Major Platforms
Explore recent RCE attacks and other vulnerabilities on major platforms. Stay updated on the latest fixes.
5 months ago
Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: High-risk Atlassian Confluence RCE fixed, PoC available
5 months ago
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit exists.
Vulnerability started trending.
First article discovered by GBHackers on Security
Vulnerability published.