
CVE-2024-21683

Severity: Critical
Vendor: Atlassian
SVRS: 77/100
CVSSv3: NA/10
EPSS: 0.93975/1

CVE-2024-21683 is a critical Remote Code Execution (RCE) vulnerability in Atlassian Confluence Data Center and Server. While the CVSS score is 7.2, indicating high severity, SOCRadar's Vulnerability Risk Score (SVRS) is 77, emphasizing the urgency of remediation. This vulnerability allows an authenticated attacker to execute arbitrary code, potentially compromising the confidentiality, integrity, and availability of affected systems. The vulnerability exists in version 5.2 and has active exploits published, increasing the risk of exploitation. Atlassian recommends upgrading to the latest version or a specified fixed version to mitigate this risk. Given the ease of exploitation and potential for significant damage, organizations using vulnerable versions of Confluence should prioritize patching or upgrading their systems immediately.

In The Wild
Exploit Available
2025-03-14

2024-05-21
SOCRadar AI Insight

Description

CVE-2024-21683 is a high-severity RCE (Remote Code Execution) vulnerability in Confluence Data Center and Server versions 5.2 and later. It allows an authenticated attacker to execute arbitrary code, potentially leading to complete system compromise. The vulnerability has a CVSS score of 8.8 and an SVRS of 87, indicating a critical threat that requires immediate attention.

Key Insights

  • High Impact: This vulnerability can result in high impact to confidentiality, integrity, and availability, allowing attackers to access sensitive data, modify or delete critical information, and disrupt system operations.
  • Authenticated Attack: The vulnerability requires an authenticated attacker, indicating that attackers must first gain access to the Confluence instance through other means, such as phishing or credential theft.
  • Active Exploits: Active exploits have been published, indicating that attackers are actively exploiting the vulnerability in the wild.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures to mitigate the risk.

Mitigation Strategies

  • Upgrade to Latest Version: Atlassian recommends upgrading to the latest version of Confluence Data Center and Server, which includes a fix for this vulnerability.
  • Apply Fixed Version: If upgrading is not immediately possible, apply one of the specified supported fixed versions as recommended by Atlassian.
  • Restrict Access: Implement strong authentication measures and limit access to Confluence to only authorized users.
  • Monitor for Suspicious Activity: Regularly monitor Confluence logs and systems for any suspicious activity or unauthorized access attempts.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Arbeys/CVE-2024-21683-PoC | https://github.com/Arbeys/CVE-2024-21683-PoC | 2024-05-22

News

ISC StormCast for Tuesday, June 4th, 2024
Dr. Johannes B. Ullrich, 2024-06-04
ISC StormCast for Tuesday, June 4th, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Custom Wireshark LUA Dissectors; COX Cable Modem API; Malicious Stack Overflow Answers; A Wireshark Lua Dissector for Fixed Field Length Protocols https://isc.sans.edu/diary/A%20Wireshark%20Lua%20Dissector%20for%20Fixed%20Field%20Length%20Protocols/30976 COX Cable Modem Admin API Weakness https://samcurry.net/hacking-millions-of-modems Malicious Stack Overflow Answers https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/ Atlassian Confluence Data
CVE-2024-21683 | Atlassian Confluence Data Center up to 8.9.0 Privilege Escalation (CONFSERVER-95832)
vuldb.com, 2025-01-01
CVE-2024-21683 | Atlassian Confluence Data Center up to 8.9.0 Privilege Escalation (CONFSERVER-95832) | A vulnerability was suspected in Atlassian Confluence Data Center up to 8.9.0. Further analysis revealed that this issue is a false positive. Please take a look at the sources mentioned and consider not using this entry at all.
1.771
2024-11-13
1.771 | Newly Added (103): Atlassian Confluence Server CVE-2019-20406 Privilege Escalation Vulnerability; Atlassian Confluence Server CVE-2023-22505 Remote Code Execution Vulnerability; Atlassian Confluence Server CVE-2024-21674 Code Injection Vulnerability; Atlassian
Metasploit Weekly Wrap-Up 07/12/2024
Brendan Watters, 2024-07-12
Metasploit Weekly Wrap-Up 07/12/2024 | This week's release features two new exploits targeting Confluence & Ivanti - CVE-2024-21683 and CVE-2024-29824. Learn more! The Usual Suspects: This release features two new exploits targeting old friends: Confluence and Ivanti. CVE-2024-21683 is a very easy vulnerability to exploit, but as pointed out in the
Atlassian Confluence Administrator Code Macro Remote Code Execution
2024-07-11
Atlassian Confluence Administrator Code Macro Remote Code Execution | This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.
Data Breaches Digest - Week 23 2024
Dunkie ([email protected]), 2024-06-03
Data Breaches Digest - Week 23 2024 | Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 3rd June and 9th June 2024. 9th June
Vulnerability Recap 6/10/24 – RCE Attacks in Major Platforms
Maine Basan, 2024-06-10
Vulnerability Recap 6/10/24 – RCE Attacks in Major Platforms | Explore recent RCE attacks and other vulnerabilities on major platforms. Stay updated on the latest fixes. The post Vulnerability Recap 6/10/24 – RCE Attacks in Major Platforms appeared first on eSecurity Planet. Last week’s vulnerability news revealed a significant increase in serious flaws targeted by cyber threat actors across multiple large platforms. The recent remote code execution

Social Media

CVE-2024-21683 0-click RCE Affected versions are from Win server 2000 to Win server 2025 A vulnerability in the Windows Remote Desktop Licensing (RDL) service in which 170,000 such hosts are currently exposed on the Internet. #vulnerability #cyber #CybersecurityNews #News https://t.co/ckpQq1Xviv
So we've recently found out that Atlassian's Confluence Data Center and Server had an RCE vulnerability. The vulnerability allows authenticated threat actors to execute arbitrary code and has been given a CVSS score of 8.3 (High). CVE-2024-21683, as it is now known, does…
🚨 High-Risk #Atlassian Confluence RCE Vulnerability (CVE-2024-21683) Fixed! If you’re self-hosting Confluence Server/Data Center, upgrade NOW to the latest version to avoid potential exploitation. A PoC is public, making this flaw easy to weaponise. #CyberSecurity #InfoSec https://t.co/HbtmrfKZZk
⚠️🔥 IMPORTANT SECURITY WARNING 🔥⚠️ A critical vulnerability has been discovered in Confluence, known as CVE-2024-21683. This vulnerability allows Authenticated Remote Code Execution (RCE). Vulnerability Details https://t.co/iBt3dEMNlo https://t.co/pprOYznjWw
A #vulnerability in the #Atlassian Confluence Data Center and Server, leading to remote code execution. Identified as CVE-2024-21683, this vulnerability carries a high CVSS score of 8.3 out of 10, indicating a significant level of severity https://t.co/BJiUIEtNB0
Good morning! Atlassian Confluence Data Center and Server remote code execution, CVE-2024-21683, CVSS 8.3 https://t.co/9mbCUGiStM attrib = SonicWall Capture Labs Threat Research, https://t.co/XEPr5Vjuvv
High-risk #Atlassian #Confluence RCE fixed, PoC available (CVE-2024-21683) - Help Net Security https://t.co/Lt0xSCmMdE
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) - https://t.co/RpyxyjHxKQ - @Atlassian @SonicWall @realalphaman_ #CVE #PoC #Vulnerability #CyberSecurity #netsec #security #InfoSecurity #CISO #ITsecurity #CyberSecurityNews #SecurityNews
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) https://t.co/G7mxNh32DN
High-risk #Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683): https://t.co/YXBhLkxPQt #vulnerability #cybersecurity

Affected Software

Configuration 1
Type | Vendor | Product
App | Atlassian | confluence_data_center

Configuration 2
Type | Vendor | Product
App | Atlassian | confluence_server

References

Reference | Link
[email protected] | https://confluence.atlassian.com/pages/viewpage.action?pageId=1387867145
[email protected] | https://jira.atlassian.com/browse/CONFSERVER-95832
[email protected] | https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211
[email protected] | https://jira.atlassian.com/browse/CONFSERVER-95832

CWE Details

No CWE details found for this CVE
