CVE-2024-21673: 
Confluence Server vulnerability analysis and mitigation

A high-severity Remote Code Execution (RCE) vulnerability (CVE-2024-21673) was discovered in Confluence Data Center and Server versions 7.13.0 and later. The vulnerability was disclosed on January 16, 2024, affecting multiple versions of the software including versions 7.19.0 through 8.7.1. This security issue allows authenticated attackers to execute arbitrary code on affected systems (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.0 score of 8.0 (High) with the vector string CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H. This indicates that the vulnerability requires network access, has high attack complexity, requires high privileges, needs no user interaction, and has high impacts on confidentiality, integrity, and availability. The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) (NVD).

The vulnerability has severe potential impacts with high ratings for confidentiality, integrity, and availability. When successfully exploited, it allows authenticated attackers to expose assets in the environment susceptible to exploitation. The scope is changed, meaning the vulnerable component impacts resources beyond its security scope (Vendor Advisory).

Atlassian recommends upgrading to the latest version of Confluence Data Center and Server. For those unable to upgrade to the latest version, specific fixed versions are provided: Confluence Data Center and Server 7.19 should upgrade to release 7.19.18 or any higher 7.19.x release, version 8.5 should upgrade to release 8.5.5 or any higher 8.5.x release, and version 8.7 should upgrade to release 8.7.2 or any higher release (Vendor Advisory).