CVE-2024-21683
High PUBLISHEDThis High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote...
Not yet in CISA KEV
Recommended Action
Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
At a Glance
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.
- CVE Published
- May 21, 2024
- Exploitation Reported
- May 21, 2024
- CVSS
- 7.2 High
- EPSS
- —
Affected Versions
| Vendor | Product | Version | Status |
|---|---|---|---|
| Atlassian |
Confluence Data Center
|
8.9.0 |
Affected |
| Atlassian |
Confluence Data Center
|
8.8.0 to 8.8.1 |
Affected |
| Atlassian |
Confluence Data Center
|
8.7.1 to 8.7.2 |
Affected |
| Atlassian |
Confluence Data Center
|
8.6.0 to 8.6.2 |
Affected |
| Atlassian |
Confluence Data Center
|
8.5.0 to 8.5.8 |
Affected |
| Atlassian |
Confluence Data Center
|
8.4.0 to 8.4.5 |
Affected |
| Atlassian |
Confluence Data Center
|
8.3.0 to 8.3.4 |
Affected |
| Atlassian |
Confluence Data Center
|
8.2.0 to 8.2.3 |
Affected |
| Atlassian |
Confluence Data Center
|
8.1.0 to 8.1.4 |
Affected |
| Atlassian |
Confluence Data Center
|
8.0.0 to 8.0.4 |
Affected |
| Atlassian |
Confluence Data Center
|
7.20.0 to 7.20.3 |
Affected |
| Atlassian |
Confluence Data Center
|
7.19.0 to 7.19.21 |
Affected |
| Atlassian |
Confluence Data Center
|
8.9.1 to 8.9.2 |
Unaffected |
| Atlassian |
Confluence Data Center
|
8.5.9 to 8.5.10 |
Unaffected |
| Atlassian |
Confluence Data Center
|
7.19.22 to 7.19.23 |
Unaffected |
CVE References
- confluence.atlassian.com/pages/viewpage.action confluence.atlassian.com · CVE Record https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211
- jira.atlassian.com/browse/CONFSERVER-95832 jira.atlassian.com · CVE Record https://jira.atlassian.com/browse/CONFSERVER-95832
Recommended Actions
- Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
- Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
- Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
Per-source evidence links for KEV attestations are available through the KEVIntel Pro API.
Learn about Pro API access| Source | Added |
|---|---|
| The Shadowserver First | 2024-05-21 23:00 UTC |
Scanner Artifacts
Nuclei and Metasploit references linked to this CVE.
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-21683.yaml | Apr 25, 2025 |
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2024_21683.rb | Apr 28, 2025 |
Virtual Patch
Compensating WAF rules to help reduce exposure to this CVE. Rule content and deployable vendor exports are available with KEVIntel Enterprise.
KEVIntel does not currently have a virtual patch for this CVE. When available, KEVIntel virtual patches ship as deployable ModSecurity, Cloudflare, and AWS WAF rules.
Enterprise feature. Virtual patch rule content and deployable vendor exports (ModSecurity, Cloudflare, AWS WAF) are available to KEVIntel Enterprise users via the Pro API.
Learn About Virtual PatchesCVSS Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
Exploited in the wild
Recorded 2024-05-21 23:00:00 UTC · The Shadowserver
Proof of concept available
Recorded 2024-05-24 05:38:18 UTC · GitHub
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2024_21683.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-21683.yaml | Apr 25, 2025 |
Potential Proof of Concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-05-24 05:38:18 UTC · 10 stars
This vulnerability could allow an attacker to take complete control of a vulnerable Confluence server. This could allow the attacker to steal data, modify data, or disrupt the availability of the server.
github · Created 2024-05-23 09:05:40 UTC · 127 stars
CVE-2024-21683 Confluence Post Auth RCE
github · Created 2024-05-23 02:10:24 UTC · 1 stars
This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server
nuclei · Created Unknown
metasploit · Created Unknown
Metasploit module for CVE-2024-21683
Timeline
Key exploitation, disclosure, scanner coverage, and KEV attestation events for this CVE.
-
15:02 UTC about 1 year ago15:02 UTC · about 1 year ago
Metasploit module available
Exploit module available
-
00:00 UTC about 1 year ago00:00 UTC · about 1 year ago
Nuclei template available
Scanner coverage available
-
05:38 UTC about 2 years ago05:38 UTC · about 2 years ago
Public PoC available
Public proof-of-concept code published
-
23:00 UTC about 2 years ago23:00 UTC · about 2 years ago
CVE published
Vulnerability disclosed publicly
-
23:00 UTC about 2 years ago23:00 UTC · about 2 years ago
Added to KEVIntel KEV Feed
High-confidence, third-party attested exploitation
-
00:05 UTC over 2 years ago00:05 UTC · over 2 years ago
CVE ID reserved
Identifier reserved by the CNA
Automate This Intelligence with the Pro API
Confidence scoring, exploit status, sensor telemetry, PoCs, scanner integrations, mentions, and tags are available programmatically for VM, SOC, and CTI workflows.
Pro API Example
GET /api/v2/pro/kevs/CVE-2024-21683
{
"cve_id": "CVE-2024-21683",
"title": "This High severity RCE (Remote Code Execution) vulnerability was introduced i...",
"affected_vendor": "Atlassian",
"affected_product": "Confluence Data Center",
"affected_versions": [
{ "vendor": "...", "product": "...", "status": "affected", "display_label": "..." }
],
"confidence": "High",
"cvss_score": 7.2,
"epss_score": null,
"exploit_status": {
"exploited_in_the_wild": true,
"active_exploitation_observed": false
},
"sensor_telemetry": { "...": "Pro API fields" },
"proof_of_concepts": [ "..." ],
"scanner_integrations": [ "..." ]
}