The research team at SonicWall Capture Labs has discovered a remote code execution vulnerability in the Atlassian Confluence Data Center and Server.
The vulnerability, identified as CVE-2024-21683, has a high CVSS score of 8.3 out of 10, and allows an authenticated threat actor the ability to execute arbitrary code.
In order to leverage the vulnerability, a cyberattacker must have network access to the vulnerable system, and possess the privilege to add new macro languages. To exploit the vulnerability, the attacker can upload a forged JavaScript language file containing malicious code to Configure Code Macro > Add a new language, according to the researchers.
SonicWall has released two signatures for its customers to be prepared in case of exploitation — IPS: 4437 Atlassian Confluence Data Center and Server RCE and IPS: 4438 Atlassian Confluence Data Center and Server RCE 2 — along with indicators of compromise (IoCs).
There’s also proof-of-concept (PoC) exploit code already available for CVE-2024-21683.
The researchers strongly recommend that users upgrade their instances to the latest available versions due to the role that Confluence Server can play in maintaining an organization’s knowledge base and other critical information. Atlassian Confluence bugs are generally popular on the cybercrime circuit, given that the platform reaches deep into network environments and is used for cross-enterprise collaboration, workflow, and software development.
This post was originally published on 3rd party site mentioned in the title of this site
