HIGH · CVSS 8.3Disclosed 2024-05-21

CVE-2024-21683 — Confluence RCE

Authenticated RCE in Confluence — admin can execute arbitrary code via 'New Macro Language' configuration.

Affects

What an attacker does

Authenticated admin uploads malicious macro language definition; server executes during page render.

Confluence version + admin-account audit

Upgrade to patched Confluence

Securie findinghigh · CVSS 8.3

CVE-2024-21683

Securie's static-rules + identity-gov scan installed Confluence + admin-account count.

Scan my repo for CVE-2024-21683 →Securie scans every PR · free during early access