CVSSv3: 8.8

CVE-2024-21683

Published: 21/05/2024 Updated: 21/11/2024

Vulnerability Summary

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated malicious user to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes: confluence.atlassian.com/doc/confluence-release-notes-327.html. You can download the latest version of Confluence Data Center and Server from the download center: www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.

Vulnerability Trend

Vulnerable Products

atlassian confluence data center

atlassian confluence data center 8.7.1

atlassian confluence data center 8.7.2

atlassian confluence data center 8.8.0

atlassian confluence data center 8.8.1

atlassian confluence data center 8.9.0

atlassian confluence server

atlassian confluence server 8.7.1

atlassian confluence server 8.7.2

atlassian confluence server 8.8.0

atlassian confluence server 8.8.1

atlassian confluence server 8.9.0

Vendor Advisories

Check Point Reference: CPAI-2024-0352 Date Published: 4 Jun 2024 Severity: High ...


Metasploit Modules

Atlassian Confluence Administrator Code Macro Remote Code Execution

This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.

msf > use exploit/multi/http/atlassian_confluence_rce_cve_2024_21683
msf exploit(atlassian_confluence_rce_cve_2024_21683) > show targets
    ...targets...
msf exploit(atlassian_confluence_rce_cve_2024_21683) > set TARGET < target-id >
msf exploit(atlassian_confluence_rce_cve_2024_21683) > show options
    ...show and set options...
msf exploit(atlassian_confluence_rce_cve_2024_21683) > exploit

Github Repositories

This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server

-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API This allows an attacker to inject malicious code into the Confluence server, which can then b

CVE-2024-21683 POC POST /admin/plugins/newcode/addlanguageaction HTTP/1.1 Host: localhost:8090 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: multipart/form-d

CVE-2024-21683 Post Auth RCE

CVE-2024-21683-RCE Usage git clone github.com/W01fh4cker/CVE-2024-21683-RCE cd CVE-2024-21683-RCE pip install requests bs4 python CVE-2024-21683.py -u 1921681981:8090 -au admin -ap admin -f exploit.js -n test -p 127.0.0.1:8083 exploit.js: new java.lang.ProcessBuilder["(java.lang.String[])"](["calce

CVE-2024-21683 Confluence Post Auth RCE

cve-2024-21683-rce CVE-2024-21683 is a critical remote code execution (RCE) vulnerability affecting Atlassian's Confluence Server and Data Center. The vulnerability has a CVSS score of 8.3 and falls into the high-severity category. An attacker can exploit it to execute remote code via a carefully crafted malicious JavaScript file, with no user interaction required. However, the attacker must first log in to the Confluence

Chained exploit to achieve unauthenticated RCE on Confluence Data Center and Server using CVE-2024-21683 as the RCE and an undisclosed auth bypass.

CVE-2024-21683 is an RCE (remote code execution) which affects both Confluence Server and Data Center. Details: CVE-2024-21683 itself is an authenticated RCE vulnerability which gives an attacker the ability to execute commands as the Confluence user and requires no user interaction; this vulnerability can be dangerous when it is chained with an authentication bypass to gain u

CVE-2024-21683 On 21 May 2024, a vulnerability in Confluence Data Center and Server was registered under the number CVE-2024-21683, with a high CVSS score of 8.3. This vulnerability allows an authenticated user with