High-Severity Vulnerability in Atlassian Confluence Data Center and Server

Published on 05 Jun 2024

Atlassian has released security updates addressing a high severity vulnerability (CVE-2024-21683) affecting their Confluence Data Center and Server products.

Successful exploitation of the vulnerability could allow an authenticated attacker to execute arbitrary code by uploading files containing malicious Java code and requires no user interaction.

The vulnerability affects the following product versions:

• Confluence Data Center version 8.9.0

• Confluence Data Center version 8.8.0 to 8.8.1

• Confluence Data Center version 8.7.0 to 8.7.2

• Confluence Data Center version 8.6.0 to 8.6.2

• Confluence Data Center and Server version 8.5.0 to 8.5.8 LTS

• Confluence Data Center and Server version 8.4.0 to 8.4.5

• Confluence Data Center and Server version 8.3.0 to 8.3.4

• Confluence Data Center and Server version 8.2.0 to 8.2.3

• Confluence Data Center and Server version 8.1.0 to 8.1.4

• Confluence Data Center and Server version 8.0.0 to 8.0.4

• Confluence Data Center and Server version 7.20.0 to 7.20.3

• Confluence Data Center and Server version 7.19.0 to 7.19.21 LTS

• Confluence Data Center and Server version 7.18.0 to 7.18.3

• Confluence Data Center and Server version 7.17.0 to 7.17.5

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2024-21683

https://jira.atlassian.com/browse/CONFSERVER-95832 https://www.securityweek.com/details-of-atlassian-confluence-rce-vulnerability-disclosed/

https://www.darkreading.com/vulnerabilities-threats/atlassian-confluence-high-severity-bug-allows-code-execution