Vulnerability-Lookup

CVE-2024-21683 (GCVE-0-2024-21683)

Vulnerability from cvelistv5 – Published: 2024-05-21 23:00 – Updated: 2025-05-12 15:22

Summary

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

RCE (Remote Code Execution)

Assigner

atlassian

References

URL

Tags

	https://confluence.atlassian.com/pages/viewpage.a…
	https://jira.atlassian.com/browse/CONFSERVER-95832

Impacted products

	Vendor	Product	Version
	Atlassian	Confluence Data Center	Affected: 8.9.0 Affected: 8.8.0 to 8.8.1 Affected: 8.7.1 to 8.7.2 Affected: 8.6.0 to 8.6.2 Affected: 8.5.0 to 8.5.8 Affected: 8.4.0 to 8.4.5 Affected: 8.3.0 to 8.3.4 Affected: 8.2.0 to 8.2.3 Affected: 8.1.0 to 8.1.4 Affected: 8.0.0 to 8.0.4 Affected: 7.20.0 to 7.20.3 Affected: 7.19.0 to 7.19.21 Unaffected: 8.9.1 to 8.9.2 Unaffected: 8.5.9 to 8.5.10 Unaffected: 7.19.22 to 7.19.23

Credits

Atlassian

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.9.0"
              },
              {
                "lessThanOrEqual": "8.8.1",
                "status": "affected",
                "version": "8.8.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.7.2",
                "status": "affected",
                "version": "8.7.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.6.2",
                "status": "affected",
                "version": "8.6.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.5.8",
                "status": "affected",
                "version": "8.5.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.4.5",
                "status": "affected",
                "version": "8.4.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.3.4",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.2.3",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.1.4",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "8.0.4",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.20.3",
                "status": "affected",
                "version": "7.20.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.1921",
                "status": "affected",
                "version": "7.19.0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "8.9.1"
              },
              {
                "status": "affected",
                "version": "8.5.9"
              },
              {
                "status": "affected",
                "version": "7.19.22"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21683",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-20T03:55:34.077361Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T15:22:41.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "8.9.0"
            },
            {
              "status": "affected",
              "version": "8.8.0 to 8.8.1"
            },
            {
              "status": "affected",
              "version": "8.7.1 to 8.7.2"
            },
            {
              "status": "affected",
              "version": "8.6.0 to 8.6.2"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.8"
            },
            {
              "status": "affected",
              "version": "8.4.0 to 8.4.5"
            },
            {
              "status": "affected",
              "version": "8.3.0 to 8.3.4"
            },
            {
              "status": "affected",
              "version": "8.2.0 to 8.2.3"
            },
            {
              "status": "affected",
              "version": "8.1.0 to 8.1.4"
            },
            {
              "status": "affected",
              "version": "8.0.0 to 8.0.4"
            },
            {
              "status": "affected",
              "version": "7.20.0 to 7.20.3"
            },
            {
              "status": "affected",
              "version": "7.19.0 to 7.19.21"
            },
            {
              "status": "unaffected",
              "version": "8.9.1 to 8.9.2"
            },
            {
              "status": "unaffected",
              "version": "8.5.9 to 8.5.10"
            },
            {
              "status": "unaffected",
              "version": "7.19.22 to 7.19.23"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Atlassian"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\n\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\n\nThis vulnerability was found internally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T20:55:38.532Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
        },
        {
          "url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2024-21683",
    "datePublished": "2024-05-21T23:00:00.446Z",
    "dateReserved": "2024-01-01T00:05:33.846Z",
    "dateUpdated": "2025-05-12T15:22:41.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21683\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-20T03:55:34.077361Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"confluence_data_center\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.9.0\"}, {\"status\": \"affected\", \"version\": \"8.8.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.8.1\"}, {\"status\": \"affected\", \"version\": \"8.7.1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.7.2\"}, {\"status\": \"affected\", \"version\": \"8.6.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.6.2\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.5.8\"}, {\"status\": \"affected\", \"version\": \"8.4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.4.5\"}, {\"status\": \"affected\", \"version\": \"8.3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.3.4\"}, {\"status\": \"affected\", \"version\": \"8.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.2.3\"}, {\"status\": \"affected\", \"version\": \"8.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1.4\"}, {\"status\": \"affected\", \"version\": \"8.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.4\"}, {\"status\": \"affected\", \"version\": \"7.20.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.20.3\"}, {\"status\": \"affected\", \"version\": \"7.19.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.1921\"}, {\"status\": \"affected\", \"version\": \"8.9.1\"}, {\"status\": \"affected\", \"version\": \"8.5.9\"}, {\"status\": \"affected\", \"version\": \"7.19.22\"}], \"defaultStatus\": \"affected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-24T14:08:46.801Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Atlassian\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Atlassian\", \"product\": \"Confluence Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.9.0\"}, {\"status\": \"affected\", \"version\": \"8.8.0 to 8.8.1\"}, {\"status\": \"affected\", \"version\": \"8.7.1 to 8.7.2\"}, {\"status\": \"affected\", \"version\": \"8.6.0 to 8.6.2\"}, {\"status\": \"affected\", \"version\": \"8.5.0 to 8.5.8\"}, {\"status\": \"affected\", \"version\": \"8.4.0 to 8.4.5\"}, {\"status\": \"affected\", \"version\": \"8.3.0 to 8.3.4\"}, {\"status\": \"affected\", \"version\": \"8.2.0 to 8.2.3\"}, {\"status\": \"affected\", \"version\": \"8.1.0 to 8.1.4\"}, {\"status\": \"affected\", \"version\": \"8.0.0 to 8.0.4\"}, {\"status\": \"affected\", \"version\": \"7.20.0 to 7.20.3\"}, {\"status\": \"affected\", \"version\": \"7.19.0 to 7.19.21\"}, {\"status\": \"unaffected\", \"version\": \"8.9.1 to 8.9.2\"}, {\"status\": \"unaffected\", \"version\": \"8.5.9 to 8.5.10\"}, {\"status\": \"unaffected\", \"version\": \"7.19.22 to 7.19.23\"}]}], \"references\": [{\"url\": \"https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211\"}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-95832\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\\n\\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\\u00a0\\n\\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\\n\\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\\n\\nThis vulnerability was found internally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"RCE (Remote Code Execution)\", \"description\": \"RCE (Remote Code Execution)\"}]}], \"providerMetadata\": {\"orgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"shortName\": \"atlassian\", \"dateUpdated\": \"2025-03-14T20:55:38.532Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21683\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-12T15:22:41.587Z\", \"dateReserved\": \"2024-01-01T00:05:33.846Z\", \"assignerOrgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"datePublished\": \"2024-05-21T23:00:00.446Z\", \"assignerShortName\": \"atlassian\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0432

Vulnerability from certfr_avis - Published: 2024-05-22 - Updated: 2024-05-22

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Atlassian	Confluence	Confluence Data Center versions antérieures à 8.9.1
Atlassian	Confluence	Confluence Data Center versions antérieures à 7.19.22
Atlassian	Jira	Jira Software Data Center versions antérieures à 9.8.0
Atlassian	Jira	Jira Software Data Center versions antérieures à 9.11.3
Atlassian	Jira	Jira Software Server versions antérieures à 9.12.7
Atlassian	Jira	Jira Software Data Center versions antérieures à 9.12.0
Atlassian	Jira	Jira Software Server versions antérieures à 9.15.2
Atlassian	Confluence	Confluence Data Center versions antérieures à 8.5.9
Atlassian	Jira	Jira Software Data Center versions antérieures à 9.7.2
Atlassian	Jira	Jira Software Server versions antérieures à 9.4.20
Atlassian	Jira	Jira Software Data Center versions antérieures à 9.15.2
Atlassian	Jira	Jira Software Data Center versions antérieures à 9.4.20
Atlassian	Jira	Jira Software Data Center versions antérieures à 9.12.7

References

Title

Publication Time

CVE-2024-21683

Vulnerability from fstec - Published: 22.05.2024

Title

Уязвимость веб-сервера Atlassian Confluence Server и дата центра Confluence Data Center, связанная с ошибками при обработке входных данных, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость веб-сервера Atlassian Confluence Server и дата центра Confluence Data Center связана с ошибками при обработке входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Atlassian

Software Name

Confluence Server, Jira Data Center

Software Version

от 8.7.0 до 8.7.2 включительно (Confluence Server), от 8.4.0 до 8.4.5 включительно (Jira Data Center), от 8.3.0 до 8.3.4 включительно (Jira Data Center), от 8.2.0 до 8.2.3 включительно (Jira Data Center), от 8.1.0 до 8.1.4 включительно (Jira Data Center), от 8.0.0 до 8.0.4 включительно (Jira Data Center), от 7.20.0 до 7.20.3 включительно (Jira Data Center), от 8.4.0 до 8.4.5 включительно (Confluence Server), от 8.3.0 до 8.3.4 включительно (Confluence Server), от 8.2.0 до 8.2.3 включительно (Confluence Server), от 8.1.0 до 8.1.4 включительно (Confluence Server), от 8.0.0 до 8.0.4 включительно (Confluence Server), от 7.20.0 до 7.20.3 включительно (Confluence Server), от 7.19.0 до 7.19.21 (LTS) включительно (Jira Data Center), от 8.5.0 до 8.5.8 (LTS) включительно (Jira Data Center), от 8.6.0 до 8.6.2 включительно (Jira Data Center), от 8.7.1 до 8.7.2 включительно (Jira Data Center), от 8.8.0 до 8.8.1 включительно (Jira Data Center), 8.9.0 (Jira Data Center), от 7.19.0 до 7.19.21 (LTS) включительно (Confluence Server), от 8.5.0 до 8.5.8 (LTS) включительно (Confluence Server), от 8.6.0 до 8.6.2 включительно (Confluence Server), от 8.8.0 до 8.8.1 включительно (Confluence Server), 8.9.0 (Confluence Server)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование виртуальных частных сетей для организации удаленного доступа (VPN); - использование средств межсетевого экранирования для ограничения возможности удалённого доступа; - ограничение доступа из внешних сетей (Интернет). Использование рекомендаций производителя: https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html https://jira.atlassian.com/browse/CONFSERVER-95832

Reference

https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html https://jira.atlassian.com/browse/CONFSERVER-95832

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Atlassian",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 8.7.0 \u0434\u043e 8.7.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 8.4.0 \u0434\u043e 8.4.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.3.0 \u0434\u043e 8.3.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.2.0 \u0434\u043e 8.2.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.1.0 \u0434\u043e 8.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.0.0 \u0434\u043e 8.0.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 7.20.0 \u0434\u043e 7.20.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.4.0 \u0434\u043e 8.4.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 8.3.0 \u0434\u043e 8.3.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 8.2.0 \u0434\u043e 8.2.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 8.1.0 \u0434\u043e 8.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 8.0.0 \u0434\u043e 8.0.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 7.20.0 \u0434\u043e 7.20.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 7.19.0 \u0434\u043e 7.19.21 (LTS) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.5.0 \u0434\u043e 8.5.8 (LTS) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.6.0 \u0434\u043e 8.6.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.7.1 \u0434\u043e 8.7.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), \u043e\u0442 8.8.0 \u0434\u043e 8.8.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jira Data Center), 8.9.0 (Jira Data Center), \u043e\u0442 7.19.0 \u0434\u043e 7.19.21 (LTS) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 8.5.0 \u0434\u043e 8.5.8 (LTS) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 8.6.0 \u0434\u043e 8.6.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), \u043e\u0442 8.8.0 \u0434\u043e 8.8.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Confluence Server), 8.9.0 (Confluence Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html\nhttps://jira.atlassian.com/browse/CONFSERVER-95832",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.05.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04006",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-21683",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Confluence Server, Jira Data Center",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Atlassian Confluence Server \u0438 \u0434\u0430\u0442\u0430 \u0446\u0435\u043d\u0442\u0440\u0430 Confluence Data Center, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Atlassian Confluence Server \u0438 \u0434\u0430\u0442\u0430 \u0446\u0435\u043d\u0442\u0440\u0430 Confluence Data Center \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html\nhttps://jira.atlassian.com/browse/CONFSERVER-95832",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

FKIE_CVE-2024-21683

Vulnerability from fkie_nvd - Published: 2024-05-21 23:15 - Updated: 2025-05-12 16:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@atlassian.com	https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211	Vendor Advisory
	security@atlassian.com	https://jira.atlassian.com/browse/CONFSERVER-95832	Issue Tracking

Impacted products

Vendor	Product	Version
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	8.7.1
atlassian	confluence_data_center	8.7.2
atlassian	confluence_data_center	8.8.0
atlassian	confluence_data_center	8.8.1
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	8.7.1
atlassian	confluence_server	8.7.2
atlassian	confluence_server	8.8.0
atlassian	confluence_server	8.8.1
atlassian	fisheye	*
atlassian	crucible	*
atlassian	jira_data_center	*
atlassian	jira_data_center	*
atlassian	jira_server	*
atlassian	jira_server	*
atlassian	jira_service_management	*
atlassian	jira_service_management	*
atlassian	jira_service_management	*
atlassian	jira_service_management	*
atlassian	jira_service_management	*
atlassian	jira_service_management	5.15.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D7B3C669-9F09-41DF-BBE7-924A59EDC2DE",
              "versionEndExcluding": "7.19.24",
              "versionStartIncluding": "7.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA11366E-1323-4E23-BC48-98E5A278ACBC",
              "versionEndIncluding": "7.20.3",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E04D444-3EB1-4738-B7E2-5B7AE2E5E362",
              "versionEndIncluding": "8.0.4",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0C549F-BE94-4E69-AD21-7472364DCDEE",
              "versionEndIncluding": "8.1.4",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0850948D-AE6D-4DCA-9BA0-9980E6BFC202",
              "versionEndIncluding": "8.2.3",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D5B3B0-7F7E-49B6-8C2D-FF4D824A9315",
              "versionEndIncluding": "8.3.4",
              "versionStartIncluding": "8.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BDBED4-B502-444B-8C8C-EDC8CD0717F1",
              "versionEndIncluding": "8.4.5",
              "versionStartIncluding": "8.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "9551EBA1-2B49-4420-867D-2B20C76C41C4",
              "versionEndExcluding": "8.5.11",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28B7617-2765-4C27-AC74-8C583ABF1977",
              "versionEndIncluding": "8.6.2",
              "versionStartIncluding": "8.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F595865-0E49-45DC-B30F-F0AFEE524F07",
              "versionEndExcluding": "8.9.3",
              "versionStartIncluding": "8.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A3DA1F-C35D-464A-8E01-B2D8F05F85A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1147BC2D-633D-40BB-8303-53D5FE8CB0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F13F5EE-7BAE-4F46-ACDD-65155EF457F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AFB1065-37A0-49ED-BA0A-F2F01797F45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "CD7F7846-0310-483C-8F99-899ABBBB020E",
              "versionEndExcluding": "7.19.24",
              "versionStartIncluding": "7.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72EB6154-9A86-4A14-A341-D357D9FCB0DF",
              "versionEndIncluding": "7.20.3",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE3F2DE-01CD-4CBC-B8F5-86ACCA6DC62A",
              "versionEndIncluding": "8.0.4",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8201C848-0F3F-42B3-9430-A628CFC96B1B",
              "versionEndIncluding": "8.1.4",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4451E75A-00F4-4AC2-BE18-CCB1471B88BF",
              "versionEndIncluding": "8.2.3",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FF2B9F-070E-458F-BD17-20A4ECBEAD72",
              "versionEndIncluding": "8.3.4",
              "versionStartIncluding": "8.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CE6EAD-724D-49C4-BE5A-C45884C1F237",
              "versionEndIncluding": "8.4.5",
              "versionStartIncluding": "8.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "4C148D09-E45D-473E-9794-6C9AD0FC0AE6",
              "versionEndExcluding": "8.5.11",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA046009-AC63-4DF2-90E0-38873BD4614E",
              "versionEndIncluding": "8.6.2",
              "versionStartIncluding": "8.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5361DD21-10D1-4FBB-A358-61C0836BEDE1",
              "versionEndIncluding": "8.9.2",
              "versionStartIncluding": "8.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB0C806-A61F-4238-BE92-25FD9B771EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:8.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1245106-DD17-410F-963D-6877C19ED65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F9DEA9-BBB4-4205-9557-CAD0184DA3F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7228BE60-B856-4C52-B7A5-014D1768CD33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4B4DC7-D3A9-4A0C-9C9B-68711F2472AA",
              "versionEndExcluding": "4.8.15",
              "versionStartIncluding": "4.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA6AF694-D9E9-47C3-B8FB-643163511825",
              "versionEndExcluding": "4.8.15",
              "versionStartIncluding": "4.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "78397A02-75F9-487F-927F-FE6AFE5E7093",
              "versionEndExcluding": "9.4.21",
              "versionStartIncluding": "9.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F445667E-4ED3-4678-A4CF-967256B1B971",
              "versionEndExcluding": "9.12.8",
              "versionStartIncluding": "9.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "3987D09A-187F-4830-BF59-D1AC122A9A25",
              "versionEndExcluding": "9.4.21",
              "versionStartIncluding": "9.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C7030689-7B4A-45C7-830B-6DCA8D621C1A",
              "versionEndExcluding": "9.12.8",
              "versionStartIncluding": "9.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "52690604-A588-4FF9-AC7B-AAD650341830",
              "versionEndExcluding": "5.4.21",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "85E5EC00-D5EA-4F73-9863-D0E49B876758",
              "versionEndExcluding": "5.12.8",
              "versionStartIncluding": "5.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "8C9730C4-AC8D-4090-BD5A-9C84FEBF45C5",
              "versionEndExcluding": "5.16.0",
              "versionStartIncluding": "5.15.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
              "matchCriteriaId": "4653B8B5-A878-4652-A33D-F33A1A8FF467",
              "versionEndExcluding": "5.4.21",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
              "matchCriteriaId": "6BD985F0-7250-4ACA-8060-8361F1FB94BE",
              "versionEndExcluding": "5.12.8",
              "versionStartIncluding": "5.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.15.2:*:*:*:server:*:*:*",
              "matchCriteriaId": "0EB3116A-C1A0-4CA8-9404-FB705DE5B14A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\n\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\n\nThis vulnerability was found internally."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo) de alta gravedad se introdujo en la versi\u00f3n 5.2 de Confluence Data Center and Server. Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo), con una puntuaci\u00f3n CVSS de 8,3, permite a un atacante autenticado ejecutar c\u00f3digo arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Confluence Data Center y Server actualicen a la \u00faltima versi\u00f3n. Si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas. Consulte las notas de la versi\u00f3n https://confluence.atlassian.com/doc/confluence-release-notes-327.html Puede descargar la \u00faltima versi\u00f3n de Confluence Data Center and Server desde el centro de descargas https://www.atlassian.com /software/confluence/descargar-archivos. Esta vulnerabilidad se encontr\u00f3 internamente."
    }
  ],
  "id": "CVE-2024-21683",
  "lastModified": "2025-05-12T16:15:20.467",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security@atlassian.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T23:15:07.923",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-VR88-2HV2-5JVF

Vulnerability from github – Published: 2024-05-22 00:30 – Updated: 2025-05-12 18:31

Details

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.

This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.

Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html

You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.

This vulnerability was found internally.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-21683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\n\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\n\nThis vulnerability was found internally.",
  "id": "GHSA-vr88-2hv2-5jvf",
  "modified": "2025-05-12T18:31:20Z",
  "published": "2024-05-22T00:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21683"
    },
    {
      "type": "WEB",
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1387867145"
    },
    {
      "type": "WEB",
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-21683

Vulnerability from gsd - Updated: 2024-01-01 06:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-21683

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-21683"
      ],
      "id": "GSD-2024-21683",
      "modified": "2024-01-01T06:02:05.168644Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-21683",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-21683 (GCVE-0-2024-21683)

CERTFR-2024-AVI-0432

Solutions

CVE-2024-21683

FKIE_CVE-2024-21683

GHSA-VR88-2HV2-5JVF

GSD-2024-21683

Tags

Sightings

Nomenclature