June 4, 2024 at 10:15AM
A high-severity vulnerability, tracked as CVE-2024-21683, allows remote code execution in Atlassian Confluence Data Center and Server. Identified by SonicWall, the flaw is not unauthenticated: exploitation requires an account with the privilege to add new code macro languages, which is then used to upload a malicious language file. Atlassian has released patches, but unpatched instances remain exposed, and threat actors routinely target this and other known Confluence vulnerabilities.
Key takeaways:
1. A high-severity vulnerability, tracked as CVE-2024-21683 with a CVSS score of 8.3, has been identified in Atlassian Confluence Data Center and Server.
2. The vulnerability allows remote code execution (RCE) and stems from insufficient input validation in the function that adds new code block macro language definitions.
3. Successful exploitation requires the attacker to hold the privileges needed to add new macro languages and to upload a malicious language file through the ‘Add a new language’ function in the ‘Configure Code Macro’ section.
4. Atlassian has released patches (versions 8.9.1, 8.5.9 LTS and 7.19.22 LTS); the affected versions run from 5.2 through 8.9.0, so instances on a non-LTS branch between 8.5 and 8.9 must move to 8.9.1.
5. The vulnerability has a high impact on the confidentiality, integrity and availability of the system and requires no user interaction, though it does require an authenticated account with the privileges noted above.
6. There is no report of the bug being exploited in the wild so far, but threat actors have a history of targeting Confluence vulnerabilities shortly after disclosure.
7. Proof-of-concept (PoC) code targeting the vulnerability was released shortly after the patches started rolling out, and technical details on the bug are also available.
These takeaways highlight the severity of the vulnerability, the potential impact of its exploitation, and the urgency of applying the provided patches to secure systems running vulnerable versions of Atlassian Confluence Data Center.
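To turn the fixed-version list above into a repeatable check, here is an added example (not code from the advisory or from Atlassian) that maps an installed Confluence version string to a vulnerable/not-vulnerable verdict and to the release it should be upgraded to. It assumes the branch rules implied by the patch list: 7.19.x instances are fixed at 7.19.22, 8.5.x instances at 8.5.9, and every other affected release line (5.2 up to 8.9.0, including the non-LTS 7.20 and 8.6 to 8.8 lines) has no branch-local fix and must upgrade to 8.9.1. The version strings in the usage section are constructed sample input.

```python
import re
from typing import Dict, Optional, Tuple

# A version is compared as a (major, minor, patch) tuple.
Version = Tuple[int, int, int]

# Fixed releases published by Atlassian for CVE-2024-21683, keyed by release branch.
# Assumption: only these two LTS branches received a branch-local fix.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (7, 19): (7, 19, 22),  # 7.19 LTS
    (8, 5): (8, 5, 9),     # 8.5 LTS
}
FIXED_LATEST: Version = (8, 9, 1)   # every other affected branch upgrades to 8.9.1
FIRST_AFFECTED: Version = (5, 2, 0)  # advisory lists 5.2 as the oldest affected release


def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' into a comparable tuple; reject anything else."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not match:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def format_version(v: Version) -> str:
    return ".".join(str(part) for part in v)


def recommended_fix(v: Version) -> Version:
    """Return the first release on (or above) this branch that contains the fix."""
    return FIXED_BY_BRANCH.get((v[0], v[1]), FIXED_LATEST)


def is_vulnerable(text: str) -> bool:
    """True when the version falls in the affected range and below its branch fix."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False  # older than the oldest affected release listed in the advisory
    return v < recommended_fix(v)


def assess(text: str) -> Dict[str, Optional[str]]:
    """Produce a small report usable from an inventory script or a ticket."""
    v = parse_version(text)
    vulnerable = is_vulnerable(text)
    return {
        "version": format_version(v),
        "vulnerable": "yes" if vulnerable else "no",
        "upgrade_to": format_version(recommended_fix(v)) if vulnerable else None,
    }


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, version in [("wiki-a", "8.5.8"), ("wiki-b", "7.20.3"), ("wiki-c", "8.9.1")]:
        print(host, assess(version))
```

The check is deliberately branch-aware: a naive "version < 8.9.1" test would wrongly flag a patched 7.19.22 or 8.5.9 LTS instance as vulnerable, while a naive "patch level >= fixed patch level" test would miss a 7.20.3 or 8.7.2 instance, which has no fix on its own branch and must be upgraded.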