A critical vulnerability impacting Confluence from Atlassian, identified by the references CVE-2024-21683, has been discovered. It has been assigned a respective CVSS 3.1 score of 8.3. It must be noted that there are multiple proofs of concept easily available online and this flaw impacts all versions since the 5.2.

The CVE-2024-21683 allows an attacker to remotely execute malicious commands on the server hosting Confluence. The attack requires to be authenticated as an administrator on the Confluence application, thus lowering the rick of the attack.


Technical details of Atlassian vulnerability

This vulnerability is exploitable by accessing specific API routes, including the following: https://<JiraURL>/admin/plugins/newcode/addlanguage.action. The root cause of this issue comes from the parsing of the data received on this route. This allows an attacker to initiate a java code execution with the potential risk of:

  • Stealing sensitive information;
  • Modifying or inserting data;
  • Denying of service.


Attack modelling with MITRE ATT&CK


  • T1190 (Exploit Public-Facing Application)


Atlassian vulnerability: Stormshield Network Security protections

Protection to face CVE-2024-21683

Stormshield Network Security firewalls (SNS) detect and block exploitation of CVE-2024-21683 with the protocol inspection:

  • http:client:data.177 : Exploitation of a code injection vulnerability in Atlassian Confluence (CVE-2024-21683)

Confidence index for the protection offered by Stormshield

Confidence index for the absence of false positives

Recommandations regarding the Atlassian vulnerability

It is highly recommended to update Confluence to one of the following versions:

  • 9.1 (or above);
  • 5.9 (or above) if you use the LTB branch

The official alert bulleting is available here: confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
Need more information about Stormshield protection? The Technical Support teams are at your disposal to help you. Contact them through the incident manager located in the MyStormshield private area. To access it, select the menu "Technical Support / Report an incident / Track an incident".
Stormshield's Cyber Threat Intelligence team has two primary missions: to study cyber threats to understand them and to continuously improve Stormshield product protections. All with the goal of contributing to the cybersecurity community's effort to address cyber threats.