CVE-2024-21683 (GCVE-0-2024-21683)
Vulnerability from cvelistv5 – Published: 2024-05-21 23:00 – Updated: 2025-05-12 15:22
Summary
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html
You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.
This vulnerability was found internally.
Severity
7.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- RCE (Remote Code Execution)
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Atlassian | Confluence Data Center | Affected: 8.9.0; 8.8.0 to 8.8.1; 8.7.1 to 8.7.2; 8.6.0 to 8.6.2; 8.5.0 to 8.5.8; 8.4.0 to 8.4.5; 8.3.0 to 8.3.4; 8.2.0 to 8.2.3; 8.1.0 to 8.1.4; 8.0.0 to 8.0.4; 7.20.0 to 7.20.3; 7.19.0 to 7.19.21. Unaffected: 8.9.1 to 8.9.2; 8.5.9 to 8.5.10; 7.19.22 to 7.19.23 |
| atlassian | confluence_data_center | Affected: 8.9.0; 8.8.0, ≤ 8.8.1 (custom); 8.7.1, ≤ 8.7.2 (custom); 8.6.0, ≤ 8.6.2 (custom); 8.5.0, ≤ 8.5.8 (custom); 8.4.0, ≤ 8.4.5 (custom); 8.3.0, ≤ 8.3.4 (custom); 8.2.0, ≤ 8.2.3 (custom); 8.1.0, ≤ 8.1.4 (custom); 8.0.0, ≤ 8.0.4 (custom); 7.20.0, ≤ 7.20.3 (custom); 7.19.0, ≤ 7.1921 (custom); 8.9.1; 8.5.9; 7.19.22. CPE: cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* |
Credits
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: b93f06a6-fb1c-4c2c-b49a-97a2d49dbb46
Exploited: Yes
Characteristics
Severity:
83.0
Timestamps
First Seen: 2024-05-29
Asserted: 2024-05-29
Last Seen: 2026-06-22
Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Atlassian / Confluence | Class: other-software | Severity: High (CVSS 8.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-22: 17
Evidence
Type: Honeypot
Signal: In The Wild Attempts
Confidence: 70%
Source: shadowserver
Details
| Field | Value |
|---|---|
| 1D | 1 |
| IoT | no |
| Feed | Shadowserver Foundation honeypot/exploited-vulnerabilities |
| Type | http-scan |
| Class | other-software |
| 7D Avg | 0 |
| Vendor | Atlassian |
| 30D Avg | 0 |
| 90D Avg | 0 |
| Product | Confluence |
| CISA KEV | no |
| Connections | 17 |
| Observation Date | 2026-06-22 |
| Vulnerability Class | CVSS |
| Vulnerability Score | 8.3 |
| Vulnerability Severity | High |
Created: 2026-06-30 09:23 UTC | Updated: 2026-06-30 12:46 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 5a514b1b-ff50-42cf-bff3-aa5ae88c786b
Exploited: Yes
Timestamps
First Seen: 2024-05-21
Asserted: 2024-05-21
Scope
Notes: KEVIntel entry: This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote... | Affected: Atlassian / Confluence Data Center | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Field | Value |
|---|---|
| Feed | KEVIntel (kevintel.com) |
| Title | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote... |
| Vendor | Atlassian |
| Product | Confluence Data Center |
| Added Date | 2024-05-21T23:00:00.000Z |
| CVSS Score | 7.2 |
| EPSS Score | None |
| CVSS Severity | HIGH |
| EPSS Percentile | None |
| Used In Malware | unknown |
| Ahead Of CISA KEV | None |
| Not Yet In CISA KEV | True |
Created: 2026-06-23 14:06 UTC | Updated: 2026-06-23 14:06 UTC
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "confluence_data_center",
"vendor": "atlassian",
"versions": [
{
"status": "affected",
"version": "8.9.0"
},
{
"lessThanOrEqual": "8.8.1",
"status": "affected",
"version": "8.8.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.7.2",
"status": "affected",
"version": "8.7.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.6.2",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.5.8",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "8.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.3.4",
"status": "affected",
"version": "8.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.2.3",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.1.4",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.4",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.20.3",
"status": "affected",
"version": "7.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.1921",
"status": "affected",
"version": "7.19.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.9.1"
},
{
"status": "affected",
"version": "8.5.9"
},
{
"status": "affected",
"version": "7.19.22"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21683",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-20T03:55:34.077361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:22:41.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Confluence Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "8.9.0"
},
{
"status": "affected",
"version": "8.8.0 to 8.8.1"
},
{
"status": "affected",
"version": "8.7.1 to 8.7.2"
},
{
"status": "affected",
"version": "8.6.0 to 8.6.2"
},
{
"status": "affected",
"version": "8.5.0 to 8.5.8"
},
{
"status": "affected",
"version": "8.4.0 to 8.4.5"
},
{
"status": "affected",
"version": "8.3.0 to 8.3.4"
},
{
"status": "affected",
"version": "8.2.0 to 8.2.3"
},
{
"status": "affected",
"version": "8.1.0 to 8.1.4"
},
{
"status": "affected",
"version": "8.0.0 to 8.0.4"
},
{
"status": "affected",
"version": "7.20.0 to 7.20.3"
},
{
"status": "affected",
"version": "7.19.0 to 7.19.21"
},
{
"status": "unaffected",
"version": "8.9.1 to 8.9.2"
},
{
"status": "unaffected",
"version": "8.5.9 to 8.5.10"
},
{
"status": "unaffected",
"version": "7.19.22 to 7.19.23"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Atlassian"
}
],
"descriptions": [
{
"lang": "en",
"value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\n\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\n\nThis vulnerability was found internally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE (Remote Code Execution)",
"lang": "en",
"type": "RCE (Remote Code Execution)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T20:55:38.532Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2024-21683",
"datePublished": "2024-05-21T23:00:00.446Z",
"dateReserved": "2024-01-01T00:05:33.846Z",
"dateUpdated": "2025-05-12T15:22:41.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-21683",
"date": "2026-07-04",
"epss": "0.88267",
"percentile": "0.99751"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Rejected reason: This CVE\u0027s publication may have been a false positive or a mistake. As a result, we have rejected this record.\"}]",
"id": "CVE-2024-21683",
"lastModified": "2025-01-01T00:15:07.317",
"published": "2024-05-21T23:15:07.923",
"sourceIdentifier": "security@atlassian.com",
"vulnStatus": "Rejected"
}
}
}