PT-2024-1278 · Atlassian · Confluence
Ddv_Ua +1 · Published 2024-01-15 · Updated 2025-06-02 · CVE-2024-21672
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Confluence Data Center and Server versions 2.1.0 through 7.19.17
Confluence Data Center and Server versions 8.5.0 through 8.5.4
Confluence Data Center and Server versions 8.7.0 through 8.7.1
Description
This issue is a Remote Code Execution (RCE) vulnerability that allows an unauthenticated attacker to remotely expose assets in the environment that are susceptible to exploitation. It has a high impact on confidentiality, integrity, and availability, and exploitation requires user interaction. The vulnerability is related to insufficient input validation.
Recommendations
For Confluence Data Center and Server 7.19: upgrade to release 7.19.18 or any higher 7.19.x release
For Confluence Data Center and Server 8.5: upgrade to release 8.5.5 or any higher 8.5.x release
For Confluence Data Center and Server 8.7: upgrade to release 8.7.2 or any higher release
Fix
RCE
Code Injection
Affected Products
Confluence