PT-2024-3665 · Atlassian · Confluence
Vendor: Atlassian
Published: 2024-05-21
Updated: 2026-02-20
CVE-2024-21683
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Confluence Data Center and Server versions 5.2 through 8.9.0
Confluence Data Center versions 8.8.0 through 8.8.1
Confluence Data Center versions 8.7.0 through 8.7.2
Confluence Data Center versions 8.6.0 through 8.6.2
Confluence Data Center versions 8.5.0 through 8.5.8 LTS
Confluence Data Center versions 8.4.0 through 8.4.5
Confluence Data Center versions 8.3.0 through 8.3.4
Confluence Data Center versions 8.2.0 through 8.2.3
Confluence Data Center versions 8.1.0 through 8.1.4
Confluence Data Center versions 8.0.0 through 8.0.4
Confluence Data Center versions 7.20.0 through 7.20.3
Confluence Data Center versions 7.19.0 through 7.19.21 LTS
Confluence Data Center versions 7.18.0 through 7.18.3
Confluence Data Center versions 7.17.0 through 7.17.5
Confluence Server versions 8.5.0 through 8.5.8 LTS
Confluence Server versions 8.4.0 through 8.4.5
Confluence Server versions 8.3.0 through 8.3.4
Confluence Server versions 8.2.0 through 8.2.3
Confluence Server versions 8.1.0 through 8.1.4
Confluence Server versions 8.0.0 through 8.0.4
Confluence Server versions 7.20.0 through 7.20.3
Confluence Server versions 7.19.0 through 7.19.21 LTS
Confluence Server versions 7.18.0 through 7.18.3
Confluence Server versions 7.17.0 through 7.17.5
Description
This is a high-severity Remote Code Execution (RCE) vulnerability. An authenticated attacker can execute arbitrary code without any user interaction, with high impact on confidentiality, integrity, and availability. The vulnerability is caused by errors in processing input data. An estimated more than 224,962 potentially vulnerable instances of Confluence Data Center and Confluence Server are exposed to the internet, most of them located in the USA, Japan, France, and Germany. A compromised system can then be used as a pivot point for further attacks within the network.
Recommendations
For Confluence Data Center versions 8.9.0 and earlier, upgrade to version 8.9.1.
For Confluence Data Center versions 8.8.0 through 8.8.1, upgrade to version 8.9.1.
For Confluence Data Center versions 8.7.0 through 8.7.2, upgrade to version 8.9.1.
For Confluence Data Center versions 8.6.0 through 8.6.2, upgrade to version 8.9.1.
For Confluence Data Center versions 8.5.0 through 8.5.8 LTS, upgrade to version 8.9.1 or 8.5.9 LTS.
For Confluence Data Center versions 8.4.0 through 8.4.5, upgrade to version 8.9.1 or 8.5.9 LTS.
For Confluence Data Center versions 8.3.0 through 8.3.4, upgrade to version 8.9.1 or 8.5.9 LTS.
For Confluence Data Center versions 8.2.0 through 8.2.3, upgrade to version 8.9.1 or 8.5.9 LTS.
For Confluence Data Center versions 8.1.0 through 8.1.4, upgrade to version 8.9.1 or 8.5.9 LTS.
For Confluence Data Center versions 8.0.0 through 8.0.4, upgrade to version 8.9.1 or 8.5.9 LTS.
For Confluence Data Center versions 7.20.0 through 7.20.3, upgrade to version 8.9.1 or 8.5.9 LTS.
For Confluence Data Center versions 7.19.0 through 7.19.21 LTS, upgrade to version 8.9.1, 8.5.9 LTS, or 7.19.22 LTS.
For Confluence Data Center versions 7.18.0 through 7.18.3, upgrade to version 8.9.1, 8.5.9 LTS, or 7.19.22 LTS.
For Confluence Data Center versions 7.17.0 through 7.17.5, upgrade to version 8.9.1, 8.5.9 LTS, or 7.19.22 LTS.
For Confluence Server versions 8.5.0 through 8.5.8 LTS, upgrade to version 8.5.9 LTS.
For Confluence Server versions 8.4.0 through 8.4.5, upgrade to version 8.5.9 LTS.
For Confluence Server versions 8.3.0 through 8.3.4, upgrade to version 8.5.9 LTS.
For Confluence Server versions 8.2.0 through 8.2.3, upgrade to version 8.5.9 LTS.
For Confluence Server versions 8.1.0 through 8.1.4, upgrade to version 8.5.9 LTS.
For Confluence Server versions 8.0.0 through 8.0.4, upgrade to version 8.5.9 LTS.
For Confluence Server versions 7.20.0 through 7.20.3, upgrade to version 8.5.9 LTS.
For Confluence Server versions 7.19.0 through 7.19.21 LTS, upgrade to version 8.5.9 LTS or 7.19.22 LTS.
For Confluence Server versions 7.18.0 through 7.18.3, upgrade to version 8.5.9 LTS or 7.19.22 LTS.
For Confluence Server versions 7.17.0 through 7.17.5, upgrade to version 8.5.9 LTS or 7.19.22 LTS.
Tags: Exploit, Fix, RCE, Code Injection
Affected Products: Confluence