I. Basic Information for CVE-2024-21683
Vulnerability Information


Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was found internally.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Atlassian Confluence Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
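Atlassian Confluence is a professional enterprise knowledge management and collaboration software suite from the Australian company Atlassian; it can also be used to build enterprise wikis. A security vulnerability exists in Atlassian Confluence Data Center and Server. The vulnerability stems from a remote code execution issue that allows an authenticated attacker to execute arbitrary code.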
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor | Product | Affected Versions | CPE
Atlassian | Confluence Data Center | 8.9.0 - |
II. Public POCs for CVE-2024-21683
# | POC Description | Source Link
1 | This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server | https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server
2 | CVE-2024-21683 Confluence Post Auth RCE | https://github.com/W01fh4cker/CVE-2024-21683-RCE
3 | This vulnerability could allow an attacker to take complete control of a vulnerable Confluence server. This could allow the attacker to steal data, modify data, or disrupt the availability of the server. | https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server
4 | None | https://github.com/phucrio/CVE-2024-21683-RCE
5 | None | https://github.com/xh4vm/CVE-2024-21683
6 | CVE-2024-21683 Confluence Post Auth RCE | https://github.com/XiaomingX/cve-2024-21683-rce
7 | Detects a Remote Code Execution vulnerability in Confluence Data Center and Server versions prior to X.X (affected versions). This issue allows authenticated attackers to execute arbitrary code. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-21683.yaml
8 | CVE-2024-21683 Confluence Post Auth RCE | https://github.com/r3db34rdh4x/cve-2024-21683-rce