Description

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.  Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.

INFO

Published Date :

2024-05-21T23:00:00.446Z

Last Modified :

2025-05-12T15:22:41.587Z

Source :

atlassian
AFFECTED PRODUCTS

The following products are affected by CVE-2024-21683 vulnerability.

Vendors Products
Atlassian
  • Confluence Data Center
  • Confluence Server
  • Crucible
  • Fisheye
  • Jira Data Center
  • Jira Server
  • Jira Service Management
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-21683.

URL Resource
https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211 cve-icon cve-icon
https://jira.atlassian.com/browse/CONFSERVER-95832 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact