Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2024-21683

Published: 21/05/2024 Updated: 10/06/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated malicious user to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.  Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

atlassian confluence data center

atlassian confluence data center 8.7.2

atlassian confluence data center 8.8.1

atlassian confluence data center 8.8.0

atlassian confluence data center 8.7.1

atlassian confluence data center 8.9.0

atlassian confluence server

atlassian confluence server 8.7.1

atlassian confluence server 8.7.2

atlassian confluence server 8.8.0

atlassian confluence server 8.8.1

atlassian confluence server 8.9.0

Vendor Advisories

Check Point Security Alerts: Atlassian Confluence Remote Code Execution (CVE-2024-21683)
Check Point Reference: CPAI-2024-0352 Date Published: 4 Jun 2024 Severity: High ...

Github Repositories

https://github.com/W01fh4cker/CVE-2024-21683-RCE

CVE-2024-21683 Post Auth RCE

CVE-2024-21683-RCE Usage git clone githubcom/W01fh4cker/CVE-2024-21683-RCE cd CVE-2024-21683-RCE pip install requests bs4 python CVE-2024-21683py -u 1921681981:8090 -au admin -ap admin -f exploitjs -n test -p 127001:8083 exploitjs: new javalangProcessBuilder["(javalangString[])"](["calce

https://github.com/Arbeys/CVE-2024-21683-PoC

chained Exploit to achieve unauthenticated RCE on confluence data center and server using the CVE-2024-21683 as RCE and undisclosed auth bypass.

CVE-2024-21683 is an RCE (remote code execution) which affects both confluence server and data center Details: CVE-2024-21683 itself is an authenticated RCE vulnerability which gives an attacker the ability to execute command as the confluence user, which requires no user interaction, this vulnerability can be dangerous while its chained with an authentication bypass to gain u

https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server

This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server

-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API This allows an attacker to inject malicious code into the Confluence server, which can then b

https://github.com/xh4vm/CVE-2024-21683

CVE-2024-21683 21 мая 2024 года была зарегистрирована уязвимость в Confluence Data Center and Server, получившая номер CVE-2024-21683, а также высокий балл 83 по метрике CVSS Данная уязвимость позволяет авторизованному пользователю с налич

https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server

This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server

-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API This allows an attacker to inject malicious code into the Confluence server, which can then b

https://github.com/hoanpk912/CVE-2024-21683-POC

CVE-2024-21683 POC POST /admin/plugins/newcode/addlanguageaction HTTP/11 Host: localhost:8090 User-Agent: Mozilla/50 (Windows NT 100; Win64; x64; rv:1260) Gecko/20100101 Firefox/1260 Accept: text/html,application/xhtml+xml,application/xml;q=09,image/avif,image/webp,*/*;q=08 Accept-Language: en-US,en;q=05 Accept-Encoding: gzip, deflate, br Content-Type: multipart/form-d

References

NVD-CWE-noinfohttps://confluence.atlassian.com/pages/viewpage.action?pageId=1387867145https://jira.atlassian.com/browse/CONFSERVER-95832https://nvd.nist.govhttps://github.com/W01fh4cker/CVE-2024-21683-RCEhttps://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0352.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusionIMAPCVE-2024-36103CVE-2024-28995CVE-2024-37325CVE-2024-30078CVE-2024-30082SQL injectionCVE-2024-30052
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook