CVE-2024-21672: 
Confluence Server vulnerability analysis and mitigation

A high severity Remote Code Execution (RCE) vulnerability (CVE-2024-21672) was discovered in Atlassian Confluence Data Center and Server. The vulnerability was introduced in version 2.1.0 and affects multiple versions including 7.19.x, 8.5.x, and 8.7.x series. This vulnerability allows an unauthenticated attacker to remotely execute code with user interaction required (Atlassian Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High) by NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Atlassian's assessment gives it a CVSS v3.0 score of 8.3 (High) with vector string CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H. The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) (NVD, JIRA).

The vulnerability has high impact on confidentiality, integrity, and availability of the affected systems. It allows an unauthenticated attacker to remotely expose assets in the environment susceptible to exploitation (Atlassian Advisory).

Atlassian recommends upgrading to the following fixed versions: Confluence Data Center and Server 7.19.18 or any higher 7.19.x release, 8.5.5 or any higher 8.5.x release, or 8.7.2 or any higher release. Users can download the latest version from the Atlassian download center (Atlassian Advisory).