June 3, 2024 at 05:09PM
SonicWall Capture Labs found a high-severity remote code execution vulnerability (CVE-2024-21683) in Atlassian Confluence. It enables threat actors who have network access and the privilege to add macro languages to execute arbitrary code. SonicWall released signatures to protect customers and warned that exploit code is available. Users are urged to upgrade because of Confluence Server's critical role in organizations and its popularity among cybercriminals.
Key takeaways:
1. SonicWall Capture Labs discovered a remote code execution vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server, with a high CVSS score of 8.3.
2. The vulnerability allows authenticated threat actors to execute arbitrary code by uploading a forged JavaScript language file containing malicious code to Configure Code Macro > Add a new language.
3. SonicWall has released two signatures (IPS: 4437 and IPS: 4438) and indicators of compromise (IoCs) for its customers to mitigate the exploitation risk.
4. Proof-of-concept (PoC) exploit code is available for CVE-2024-21683.
5. The researchers strongly recommend upgrading Confluence Server instances to the latest versions because of the product's critical role in maintaining an organization's knowledge base and other important information. Confluence Server is a popular target on the cybercrime circuit because of its extensive use in network environments and cross-enterprise collaboration.