How severe is CVE-2024-21690?

High severity. CVSS v3 base score is 7.1 out of 10.

Is CVE-2024-21690 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Atlassian Confluence Data Center

CVE-2024-21690

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server…

EPSS: 0.007 (71.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N.

Affected products

Atlassian Confluence Data Center — versions 8.9.0 to 8.9.5, 8.8.0 to 8.8.1, 8.7.1 to 8.7.2
Atlassian Confluence Server — versions 8.5.0 to 8.5.12, 8.4.0 to 8.4.5, 8.3.0 to 8.3.4

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-21690?: CVE-2024-21690 is a high-severity vulnerability in Atlassian Confluence Data Center. CVSS score: 7.1/10. Published 2024-08-21.
How severe is CVE-2024-21690?: High severity. CVSS v3 base score is 7.1 out of 10.
Is CVE-2024-21690 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.