CVE-2024-21674: 
Confluence Server vulnerability analysis and mitigation

A high severity Remote Code Execution (RCE) vulnerability (CVE-2024-21674) was discovered in Confluence Data Center and Server. The vulnerability was introduced in version 7.13.0 and allows an unauthenticated attacker to expose assets in the environment. With a CVSS Score of 8.6, this vulnerability has a high impact on confidentiality but no impact on integrity or availability (NVD, Atlassian Security).

The vulnerability is characterized by a CVSS vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, indicating it can be exploited remotely with low attack complexity, requires no privileges or user interaction, and has a high impact on confidentiality. The vulnerability is classified as a code injection issue under CWE-94 (Improper Control of Generation of Code) (NVD, Jira Issue).

The vulnerability allows unauthenticated attackers to expose assets in the environment, with a significant impact on confidentiality. The attack vector is network-accessible and requires no special conditions or user interaction for successful exploitation (Atlassian Security).

Atlassian recommends upgrading to the latest version of Confluence Data Center and Server. For those unable to upgrade to the latest version, specific fixed versions are available: Confluence Data Center and Server 7.19 should upgrade to 7.19.18 or higher 7.19.x release, version 8.5 should upgrade to 8.5.5 or higher 8.5.x release, and version 8.7 should upgrade to 8.7.2 or higher release (Atlassian Security).