Atlassian Confluence Security Update Advisory (CVE-2024-21672)
Overview
An update is available that fixes vulnerabilities in Atlassian Confluence. Users of affected versions are advised to update to the latest version.
Affected Products
Atlassian Confluence Data Center and Server versions 7.13.0, 7.19.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, and 8.7.1
Resolved Vulnerabilities
Remote code execution vulnerability in Atlassian Confluence Data Center and Server (CVE-2024-21672)
Vulnerability Patches
Patches for the vulnerability were made available in the January 16, 2024 update. Follow the instructions on the referenced sites to update to the latest patched version.
Atlassian Confluence Data Center and Server versions 7.19.18, 8.5.5, and 8.7.2
Referenced Sites
[1] Remote Code Execution (RCE) in Confluence Data Center and Server
https://jira.atlassian.com/browse/CONFSERVER-94064
[2] Security Bulletin – January 16 2024
https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html
[3] CVE-2024-21672 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-21672
[4] CVE-2024-21672
https://www.atlassian.com/trust/data-protection/vulnerabilities