Vulnerability in Atlassian Confluence Data Center
CVE-2024-21683
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to…
EPSS: 0.941 (99.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Atlassian Confluence Data Center — versions 8.9.0, 8.8.0 to 8.8.1, 8.7.1 to 8.7.2
Public proof-of-concept exploits
- W01fh4cker/CVE-2024-21683-RCE
- absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server
- phucrio/CVE-2024-21683-RCE
- r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server
- r3db34rdh4x/cve-2024-21683-rce
- rapid7/metasploit-framework
- Arbeys/CVE-2024-21683-PoC
- DMW11525708/wiki
- GhostTroops/TOP
- Lern0n/Lernon-POC
References
Frequently asked questions
- What is CVE-2024-21683?
- CVE-2024-21683 is a high-severity vulnerability in Atlassian Confluence Data Center. CVSS score: 7.2/10. Published 2024-05-21.
- How severe is CVE-2024-21683?
- High severity. CVSS v3 base score is 7.2 out of 10.
- Is CVE-2024-21683 known to be exploited?
- 48 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.