CVE-2024-21683

Published May 21, 2024

Last updated 9 days ago

CVSS high 8.8

Overview

Description: This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.
Source: security@atlassian.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7B3C669-9F09-41DF-BBE7-924A59EDC2DE",
            "versionEndExcluding": "7.19.24",
            "versionStartIncluding": "7.19.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA11366E-1323-4E23-BC48-98E5A278ACBC",
            "versionEndIncluding": "7.20.3",
            "versionStartIncluding": "7.20.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E04D444-3EB1-4738-B7E2-5B7AE2E5E362",
            "versionEndIncluding": "8.0.4",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F0C549F-BE94-4E69-AD21-7472364DCDEE",
            "versionEndIncluding": "8.1.4",
            "versionStartIncluding": "8.1.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0850948D-AE6D-4DCA-9BA0-9980E6BFC202",
            "versionEndIncluding": "8.2.3",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63D5B3B0-7F7E-49B6-8C2D-FF4D824A9315",
            "versionEndIncluding": "8.3.4",
            "versionStartIncluding": "8.3.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57BDBED4-B502-444B-8C8C-EDC8CD0717F1",
            "versionEndIncluding": "8.4.5",
            "versionStartIncluding": "8.4.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9551EBA1-2B49-4420-867D-2B20C76C41C4",
            "versionEndExcluding": "8.5.11",
            "versionStartIncluding": "8.5.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A28B7617-2765-4C27-AC74-8C583ABF1977",
            "versionEndIncluding": "8.6.2",
            "versionStartIncluding": "8.6.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F595865-0E49-45DC-B30F-F0AFEE524F07",
            "versionEndExcluding": "8.9.3",
            "versionStartIncluding": "8.9.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0A3DA1F-C35D-464A-8E01-B2D8F05F85A0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1147BC2D-633D-40BB-8303-53D5FE8CB0FD"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F13F5EE-7BAE-4F46-ACDD-65155EF457F8"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AFB1065-37A0-49ED-BA0A-F2F01797F45A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD7F7846-0310-483C-8F99-899ABBBB020E",
            "versionEndExcluding": "7.19.24",
            "versionStartIncluding": "7.19.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72EB6154-9A86-4A14-A341-D357D9FCB0DF",
            "versionEndIncluding": "7.20.3",
            "versionStartIncluding": "7.20.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACE3F2DE-01CD-4CBC-B8F5-86ACCA6DC62A",
            "versionEndIncluding": "8.0.4",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8201C848-0F3F-42B3-9430-A628CFC96B1B",
            "versionEndIncluding": "8.1.4",
            "versionStartIncluding": "8.1.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4451E75A-00F4-4AC2-BE18-CCB1471B88BF",
            "versionEndIncluding": "8.2.3",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5FF2B9F-070E-458F-BD17-20A4ECBEAD72",
            "versionEndIncluding": "8.3.4",
            "versionStartIncluding": "8.3.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71CE6EAD-724D-49C4-BE5A-C45884C1F237",
            "versionEndIncluding": "8.4.5",
            "versionStartIncluding": "8.4.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C148D09-E45D-473E-9794-6C9AD0FC0AE6",
            "versionEndExcluding": "8.5.11",
            "versionStartIncluding": "8.5.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA046009-AC63-4DF2-90E0-38873BD4614E",
            "versionEndIncluding": "8.6.2",
            "versionStartIncluding": "8.6.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5361DD21-10D1-4FBB-A358-61C0836BEDE1",
            "versionEndIncluding": "8.9.2",
            "versionStartIncluding": "8.9.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:8.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB0C806-A61F-4238-BE92-25FD9B771EFA"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:8.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1245106-DD17-410F-963D-6877C19ED65D"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:8.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4F9DEA9-BBB4-4205-9557-CAD0184DA3F4"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:8.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7228BE60-B856-4C52-B7A5-014D1768CD33"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D4B4DC7-D3A9-4A0C-9C9B-68711F2472AA",
            "versionEndExcluding": "4.8.15",
            "versionStartIncluding": "4.8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA6AF694-D9E9-47C3-B8FB-643163511825",
            "versionEndExcluding": "4.8.15",
            "versionStartIncluding": "4.8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78397A02-75F9-487F-927F-FE6AFE5E7093",
            "versionEndExcluding": "9.4.21",
            "versionStartIncluding": "9.4.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F445667E-4ED3-4678-A4CF-967256B1B971",
            "versionEndExcluding": "9.12.8",
            "versionStartIncluding": "9.12.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3987D09A-187F-4830-BF59-D1AC122A9A25",
            "versionEndExcluding": "9.4.21",
            "versionStartIncluding": "9.4.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7030689-7B4A-45C7-830B-6DCA8D621C1A",
            "versionEndExcluding": "9.12.8",
            "versionStartIncluding": "9.12.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52690604-A588-4FF9-AC7B-AAD650341830",
            "versionEndExcluding": "5.4.21",
            "versionStartIncluding": "5.4.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85E5EC00-D5EA-4F73-9863-D0E49B876758",
            "versionEndExcluding": "5.12.8",
            "versionStartIncluding": "5.12.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C9730C4-AC8D-4090-BD5A-9C84FEBF45C5",
            "versionEndExcluding": "5.16.0",
            "versionStartIncluding": "5.15.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4653B8B5-A878-4652-A33D-F33A1A8FF467",
            "versionEndExcluding": "5.4.21",
            "versionStartIncluding": "5.4.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BD985F0-7250-4ACA-8060-8361F1FB94BE",
            "versionEndExcluding": "5.12.8",
            "versionStartIncluding": "5.12.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.15.2:*:*:*:server:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EB3116A-C1A0-4CA8-9404-FB705DE5B14A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References