Atlassian Confluence High-Severity Bug Allows Code Execution
Because of the role Confluence Server plays in managing documentation and knowledge databases, the researchers recommend that users upgrade to patch CVE-2024-21683 as soon as possible.
The research team at SonicWall Capture Labs has discovered a remote code execution vulnerability in the Atlassian Confluence Data Center and Server.
The vulnerability, identified as CVE-2024-21683, carries a high CVSS score of 8.3 out of 10 and allows an authenticated threat actor to execute arbitrary code.
In order to leverage the vulnerability, a cyberattacker must have network access to the vulnerable system, and possess the privilege to add new macro languages. To exploit the vulnerability, the attacker can upload a forged JavaScript language file containing malicious code to Configure Code Macro > Add a new language, according to the researchers.
SonicWall has released two intrusion prevention signatures so that its customers can detect exploitation attempts, IPS: 4437 "Atlassian Confluence Data Center and Server RCE" and IPS: 4438 "Atlassian Confluence Data Center and Server RCE 2", along with indicators of compromise (IoCs).
There's also proof-of-concept (PoC) exploit code already available for CVE-2024-21683.
The researchers strongly recommend that users upgrade their instances to the latest available versions due to the role that Confluence Server can play in maintaining an organization's knowledge base and other critical information. Atlassian Confluence bugs are generally popular on the cybercrime circuit, given that the platform reaches deep into network environments and is used for cross-enterprise collaboration, workflow, and software development.