CVE-2024-21683 (GCVE-0-2024-21683)

Vulnerability from cvelistv5 – Published: 2024-05-21 23:00 – Updated: 2025-05-12 15:22
Summary
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.  Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • RCE (Remote Code Execution)
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
Atlassian Confluence Data Center Affected: 8.9.0
Affected: 8.8.0 to 8.8.1
Affected: 8.7.1 to 8.7.2
Affected: 8.6.0 to 8.6.2
Affected: 8.5.0 to 8.5.8
Affected: 8.4.0 to 8.4.5
Affected: 8.3.0 to 8.3.4
Affected: 8.2.0 to 8.2.3
Affected: 8.1.0 to 8.1.4
Affected: 8.0.0 to 8.0.4
Affected: 7.20.0 to 7.20.3
Affected: 7.19.0 to 7.19.21
Unaffected: 8.9.1 to 8.9.2
Unaffected: 8.5.9 to 8.5.10
Unaffected: 7.19.22 to 7.19.23
Create a notification for this product.
atlassian confluence_data_center Affected: 8.9.0
Affected: 8.8.0 , ≤ 8.8.1 (custom)
Affected: 8.7.1 , ≤ 8.7.2 (custom)
Affected: 8.6.0 , ≤ 8.6.2 (custom)
Affected: 8.5.0 , ≤ 8.5.8 (custom)
Affected: 8.4.0 , ≤ 8.4.5 (custom)
Affected: 8.3.0 , ≤ 8.3.4 (custom)
Affected: 8.2.0 , ≤ 8.2.3 (custom)
Affected: 8.1.0 , ≤ 8.1.4 (custom)
Affected: 8.0.0 , ≤ 8.0.4 (custom)
Affected: 7.20.0 , ≤ 7.20.3 (custom)
Affected: 7.19.0 , ≤ 7.1921 (custom)
Affected: 8.9.1
Affected: 8.5.9
Affected: 7.19.22
    cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Atlassian
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2024-21683

Status: Confirmed

Status Updated: 2026-06-22 00:00 UTC

Exploited: Yes


Characteristics
Severity: 83.0

Timestamps
First Seen: 2024-05-29
Asserted: 2024-05-29
Last Seen: 2026-06-22

Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Atlassian / Confluence | Class: other-software | Severity: High (CVSS 8.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-22: 17

Evidence

Type: Honeypot

Signal: In The Wild Attempts

Confidence: 70%

Source: shadowserver


Details
1D 1
Iot no
Feed Shadowserver Foundation honeypot/exploited-vulnerabilities
Type http-scan
Class other-software
7D Avg 0
Vendor Atlassian
30D Avg 0
90D Avg 0
Product Confluence
Cisa Kev no
Connections 17
Observation Date 2026-06-22
Vulnerability Class CVSS
Vulnerability Score 8.3
Vulnerability Severity High

References

Created: 2026-06-30 09:23 UTC | Updated: 2026-06-30 12:46 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2024-21683

Status: Confirmed

Status Updated: 2024-05-21 23:00 UTC

Exploited: Yes


Timestamps
First Seen: 2024-05-21
Asserted: 2024-05-21

Scope
Notes: KEVIntel entry: This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote... | Affected: Atlassian / Confluence Data Center | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel


Details
Feed KEVIntel (kevintel.com)
Title This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote...
Vendor Atlassian
Product Confluence Data Center
Added Date 2024-05-21T23:00:00.000Z
Cvss Score 7.2
Epss Score None
Cvss Severity HIGH
Epss Percentile None
Used In Malware unknown
Ahead Of Cisa Kev None
Not Yet In Cisa Kev True

References

Created: 2026-06-23 14:06 UTC | Updated: 2026-06-23 14:06 UTC
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.9.0"
              },
              {
                "lessThanOrEqual": "8.8.1",
                "status": "affected",
                "version": "8.8.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.7.2",
                "status": "affected",
                "version": "8.7.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.6.2",
                "status": "affected",
                "version": "8.6.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.5.8",
                "status": "affected",
                "version": "8.5.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.4.5",
                "status": "affected",
                "version": "8.4.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.3.4",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.2.3",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.1.4",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.0.4",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.20.3",
                "status": "affected",
                "version": "7.20.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.1921",
                "status": "affected",
                "version": "7.19.0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "8.9.1"
              },
              {
                "status": "affected",
                "version": "8.5.9"
              },
              {
                "status": "affected",
                "version": "7.19.22"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21683",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-20T03:55:34.077361Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T15:22:41.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "8.9.0"
            },
            {
              "status": "affected",
              "version": "8.8.0 to 8.8.1"
            },
            {
              "status": "affected",
              "version": "8.7.1 to 8.7.2"
            },
            {
              "status": "affected",
              "version": "8.6.0 to 8.6.2"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.8"
            },
            {
              "status": "affected",
              "version": "8.4.0 to 8.4.5"
            },
            {
              "status": "affected",
              "version": "8.3.0 to 8.3.4"
            },
            {
              "status": "affected",
              "version": "8.2.0 to 8.2.3"
            },
            {
              "status": "affected",
              "version": "8.1.0 to 8.1.4"
            },
            {
              "status": "affected",
              "version": "8.0.0 to 8.0.4"
            },
            {
              "status": "affected",
              "version": "7.20.0 to 7.20.3"
            },
            {
              "status": "affected",
              "version": "7.19.0 to 7.19.21"
            },
            {
              "status": "unaffected",
              "version": "8.9.1 to 8.9.2"
            },
            {
              "status": "unaffected",
              "version": "8.5.9 to 8.5.10"
            },
            {
              "status": "unaffected",
              "version": "7.19.22 to 7.19.23"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Atlassian"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\n\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\n\nThis vulnerability was found internally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T20:55:38.532Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
        },
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2024-21683",
    "datePublished": "2024-05-21T23:00:00.446Z",
    "dateReserved": "2024-01-01T00:05:33.846Z",
    "dateUpdated": "2025-05-12T15:22:41.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-21683",
      "date": "2026-07-04",
      "epss": "0.88267",
      "percentile": "0.99751"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Rejected reason: This CVE\u0027s publication may have been a false positive or a mistake. As a result, we have rejected this record.\"}]",
      "id": "CVE-2024-21683",
      "lastModified": "2025-01-01T00:15:07.317",
      "published": "2024-05-21T23:15:07.923",
      "sourceIdentifier": "security@atlassian.com",
      "vulnStatus": "Rejected"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21683\",\"sourceIdentifier\":\"security@atlassian.com\",\"published\":\"2024-05-21T23:15:07.923\",\"lastModified\":\"2026-06-17T07:09:58.813\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\\n\\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0\\n\\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\\n\\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\\n\\nThis vulnerability was found internally.\"},{\"lang\":\"es\",\"value\":\"Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo) de alta gravedad se introdujo en la versi\u00f3n 5.2 de Confluence Data Center and Server. Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo), con una puntuaci\u00f3n CVSS de 8,3, permite a un atacante autenticado ejecutar c\u00f3digo arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Confluence Data Center y Server actualicen a la \u00faltima versi\u00f3n. Si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas. Consulte las notas de la versi\u00f3n https://confluence.atlassian.com/doc/confluence-release-notes-327.html Puede descargar la \u00faltima versi\u00f3n de Confluence Data Center and Server desde el centro de descargas https://www.atlassian.com /software/confluence/descargar-archivos. Esta vulnerabilidad se encontr\u00f3 internamente.\"}],\"affected\":[{\"source\":\"security@atlassian.com\",\"affectedData\":[{\"vendor\":\"Atlassian\",\"product\":\"Confluence Data Center\",\"versions\":[{\"version\":\"8.9.0\",\"status\":\"affected\"},{\"version\":\"8.8.0 to 8.8.1\",\"status\":\"affected\"},{\"version\":\"8.7.1 to 8.7.2\",\"status\":\"affected\"},{\"version\":\"8.6.0 to 8.6.2\",\"status\":\"affected\"},{\"version\":\"8.5.0 to 8.5.8\",\"status\":\"affected\"},{\"version\":\"8.4.0 to 8.4.5\",\"status\":\"affected\"},{\"version\":\"8.3.0 to 8.3.4\",\"status\":\"affected\"},{\"version\":\"8.2.0 to 8.2.3\",\"status\":\"affected\"},{\"version\":\"8.1.0 to 8.1.4\",\"status\":\"affected\"},{\"version\":\"8.0.0 to 8.0.4\",\"status\":\"affected\"},{\"version\":\"7.20.0 to 7.20.3\",\"status\":\"affected\"},{\"version\":\"7.19.0 to 7.19.21\",\"status\":\"affected\"},{\"version\":\"8.9.1 to 8.9.2\",\"status\":\"unaffected\"},{\"version\":\"8.5.9 to 8.5.10\",\"status\":\"unaffected\"},{\"version\":\"7.19.22 to 7.19.23\",\"status\":\"unaffected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"atlassian\",\"product\":\"confluence_data_center\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"8.9.0\",\"status\":\"affected\"},{\"version\":\"8.8.0\",\"lessThanOrEqual\":\"8.8.1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.7.1\",\"lessThanOrEqual\":\"8.7.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.6.0\",\"lessThanOrEqual\":\"8.6.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.5.0\",\"lessThanOrEqual\":\"8.5.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.4.0\",\"lessThanOrEqual\":\"8.4.5\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.3.0\",\"lessThanOrEqual\":\"8.3.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.2.0\",\"lessThanOrEqual\":\"8.2.3\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.1.0\",\"lessThanOrEqual\":\"8.1.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.0.0\",\"lessThanOrEqual\":\"8.0.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.20.0\",\"lessThanOrEqual\":\"7.20.3\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.19.0\",\"lessThanOrEqual\":\"7.1921\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.9.1\",\"status\":\"affected\"},{\"version\":\"8.5.9\",\"status\":\"affected\"},{\"version\":\"7.19.22\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@atlassian.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-07-20T03:55:34.077361Z\",\"id\":\"CVE-2024-21683\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"7.19.0\",\"versionEndExcluding\":\"7.19.24\",\"matchCriteriaId\":\"D7B3C669-9F09-41DF-BBE7-924A59EDC2DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.20.0\",\"versionEndIncluding\":\"7.20.3\",\"matchCriteriaId\":\"CA11366E-1323-4E23-BC48-98E5A278ACBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.4\",\"matchCriteriaId\":\"3E04D444-3EB1-4738-B7E2-5B7AE2E5E362\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndIncluding\":\"8.1.4\",\"matchCriteriaId\":\"1F0C549F-BE94-4E69-AD21-7472364DCDEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.3\",\"matchCriteriaId\":\"0850948D-AE6D-4DCA-9BA0-9980E6BFC202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0\",\"versionEndIncluding\":\"8.3.4\",\"matchCriteriaId\":\"63D5B3B0-7F7E-49B6-8C2D-FF4D824A9315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.4.0\",\"versionEndIncluding\":\"8.4.5\",\"matchCriteriaId\":\"57BDBED4-B502-444B-8C8C-EDC8CD0717F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndExcluding\":\"8.5.11\",\"matchCriteriaId\":\"9551EBA1-2B49-4420-867D-2B20C76C41C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.6.0\",\"versionEndIncluding\":\"8.6.2\",\"matchCriteriaId\":\"A28B7617-2765-4C27-AC74-8C583ABF1977\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndExcluding\":\"8.9.3\",\"matchCriteriaId\":\"6F595865-0E49-45DC-B30F-F0AFEE524F07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:8.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A3DA1F-C35D-464A-8E01-B2D8F05F85A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:8.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1147BC2D-633D-40BB-8303-53D5FE8CB0FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:8.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F13F5EE-7BAE-4F46-ACDD-65155EF457F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:8.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AFB1065-37A0-49ED-BA0A-F2F01797F45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"7.19.0\",\"versionEndExcluding\":\"7.19.24\",\"matchCriteriaId\":\"CD7F7846-0310-483C-8F99-899ABBBB020E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.20.0\",\"versionEndIncluding\":\"7.20.3\",\"matchCriteriaId\":\"72EB6154-9A86-4A14-A341-D357D9FCB0DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.4\",\"matchCriteriaId\":\"ACE3F2DE-01CD-4CBC-B8F5-86ACCA6DC62A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndIncluding\":\"8.1.4\",\"matchCriteriaId\":\"8201C848-0F3F-42B3-9430-A628CFC96B1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.3\",\"matchCriteriaId\":\"4451E75A-00F4-4AC2-BE18-CCB1471B88BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0\",\"versionEndIncluding\":\"8.3.4\",\"matchCriteriaId\":\"D5FF2B9F-070E-458F-BD17-20A4ECBEAD72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.4.0\",\"versionEndIncluding\":\"8.4.5\",\"matchCriteriaId\":\"71CE6EAD-724D-49C4-BE5A-C45884C1F237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndExcluding\":\"8.5.11\",\"matchCriteriaId\":\"4C148D09-E45D-473E-9794-6C9AD0FC0AE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.6.0\",\"versionEndIncluding\":\"8.6.2\",\"matchCriteriaId\":\"BA046009-AC63-4DF2-90E0-38873BD4614E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndIncluding\":\"8.9.2\",\"matchCriteriaId\":\"5361DD21-10D1-4FBB-A358-61C0836BEDE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:8.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB0C806-A61F-4238-BE92-25FD9B771EFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:8.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1245106-DD17-410F-963D-6877C19ED65D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:8.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F9DEA9-BBB4-4205-9557-CAD0184DA3F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:8.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7228BE60-B856-4C52-B7A5-014D1768CD33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8.0\",\"versionEndExcluding\":\"4.8.15\",\"matchCriteriaId\":\"5D4B4DC7-D3A9-4A0C-9C9B-68711F2472AA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8.0\",\"versionEndExcluding\":\"4.8.15\",\"matchCriteriaId\":\"EA6AF694-D9E9-47C3-B8FB-643163511825\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.21\",\"matchCriteriaId\":\"78397A02-75F9-487F-927F-FE6AFE5E7093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"9.12.0\",\"versionEndExcluding\":\"9.12.8\",\"matchCriteriaId\":\"F445667E-4ED3-4678-A4CF-967256B1B971\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.21\",\"matchCriteriaId\":\"3987D09A-187F-4830-BF59-D1AC122A9A25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"9.12.0\",\"versionEndExcluding\":\"9.12.8\",\"matchCriteriaId\":\"C7030689-7B4A-45C7-830B-6DCA8D621C1A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndExcluding\":\"5.4.21\",\"matchCriteriaId\":\"52690604-A588-4FF9-AC7B-AAD650341830\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.8\",\"matchCriteriaId\":\"85E5EC00-D5EA-4F73-9863-D0E49B876758\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\",\"versionStartIncluding\":\"5.15.2\",\"versionEndExcluding\":\"5.16.0\",\"matchCriteriaId\":\"8C9730C4-AC8D-4090-BD5A-9C84FEBF45C5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndExcluding\":\"5.4.21\",\"matchCriteriaId\":\"4653B8B5-A878-4652-A33D-F33A1A8FF467\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.8\",\"matchCriteriaId\":\"6BD985F0-7250-4ACA-8060-8361F1FB94BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:5.15.2:*:*:*:server:*:*:*\",\"matchCriteriaId\":\"0EB3116A-C1A0-4CA8-9404-FB705DE5B14A\"}]}]}],\"references\":[{\"url\":\"https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211\",\"source\":\"security@atlassian.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CONFSERVER-95832\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21683\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-20T03:55:34.077361Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"confluence_data_center\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.9.0\"}, {\"status\": \"affected\", \"version\": \"8.8.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.8.1\"}, {\"status\": \"affected\", \"version\": \"8.7.1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.7.2\"}, {\"status\": \"affected\", \"version\": \"8.6.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.6.2\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.5.8\"}, {\"status\": \"affected\", \"version\": \"8.4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.4.5\"}, {\"status\": \"affected\", \"version\": \"8.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.3.4\"}, {\"status\": \"affected\", \"version\": \"8.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.2.3\"}, {\"status\": \"affected\", \"version\": \"8.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1.4\"}, {\"status\": \"affected\", \"version\": \"8.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.4\"}, {\"status\": \"affected\", \"version\": \"7.20.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.20.3\"}, {\"status\": \"affected\", \"version\": \"7.19.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.1921\"}, {\"status\": \"affected\", \"version\": \"8.9.1\"}, {\"status\": \"affected\", \"version\": \"8.5.9\"}, {\"status\": \"affected\", \"version\": \"7.19.22\"}], \"defaultStatus\": \"affected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-24T14:08:46.801Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Atlassian\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Atlassian\", \"product\": \"Confluence Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.9.0\"}, {\"status\": \"affected\", \"version\": \"8.8.0 to 8.8.1\"}, {\"status\": \"affected\", \"version\": \"8.7.1 to 8.7.2\"}, {\"status\": \"affected\", \"version\": \"8.6.0 to 8.6.2\"}, {\"status\": \"affected\", \"version\": \"8.5.0 to 8.5.8\"}, {\"status\": \"affected\", \"version\": \"8.4.0 to 8.4.5\"}, {\"status\": \"affected\", \"version\": \"8.3.0 to 8.3.4\"}, {\"status\": \"affected\", \"version\": \"8.2.0 to 8.2.3\"}, {\"status\": \"affected\", \"version\": \"8.1.0 to 8.1.4\"}, {\"status\": \"affected\", \"version\": \"8.0.0 to 8.0.4\"}, {\"status\": \"affected\", \"version\": \"7.20.0 to 7.20.3\"}, {\"status\": \"affected\", \"version\": \"7.19.0 to 7.19.21\"}, {\"status\": \"unaffected\", \"version\": \"8.9.1 to 8.9.2\"}, {\"status\": \"unaffected\", \"version\": \"8.5.9 to 8.5.10\"}, {\"status\": \"unaffected\", \"version\": \"7.19.22 to 7.19.23\"}]}], \"references\": [{\"url\": \"https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211\"}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-95832\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\\n\\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\\u00a0\\n\\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\\n\\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\\n\\nThis vulnerability was found internally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"RCE (Remote Code Execution)\", \"description\": \"RCE (Remote Code Execution)\"}]}], \"providerMetadata\": {\"orgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"shortName\": \"atlassian\", \"dateUpdated\": \"2025-03-14T20:55:38.532Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21683\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-12T15:22:41.587Z\", \"dateReserved\": \"2024-01-01T00:05:33.846Z\", \"assignerOrgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"datePublished\": \"2024-05-21T23:00:00.446Z\", \"assignerShortName\": \"atlassian\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…