Threat update
A new high-severity remote code execution (RCE) vulnerability known as CVE-2024-21683 has been discovered in Atlassian's Confluence Data Center and Server. This vulnerability permits an attacker with an account on the service to gain server control. Review this Cybersecurity Threat Advisory for more information and to limit your risk now.
Technical Detail and Additional Info
What is the threat?
CVE-2024-21683 is caused by inadequate input validation in the 'Add a new language' function of the 'Configure Code Macro' tab. Because access control is also insufficient, an authenticated user with the required permissions can upload a modified JavaScript file containing Java code that is then executed on the server.
Why is it noteworthy?
This vulnerability is particularly noteworthy due to the following:
- It has a CVSS score of 7.2, indicating a significant impact on affected systems.
- It requires no user interaction to exploit, making it easy to weaponize.
- Confluence is widely used in enterprise environments to manage knowledge bases and documentation.
- Proof-of-Concept (PoC) exploits and technical details are already publicly available, increasing the risk of exploitation.
What is the exposure or risk?
The vulnerability affects all versions of Confluence Data Center and Server from 5.2 onward, so many installations are potentially vulnerable. Successful exploitation has the following consequences:
- Attackers can gain unauthorized access to sensitive information stored within Confluence.
- Malicious code execution can alter or destroy data, compromising the integrity of information.
- Exploitation can lead to denial of service, disrupting access to Confluence and associated resources.
What are the recommendations?
To mitigate the risks posed by CVE-2024-21683, follow the recommendations below:
- Upgrade to the latest version of Confluence Data Center and Server.
- Apply the recommended patches for the affected versions if upgrading to the latest version is not feasible.
- Limit the privileges of Confluence users to minimize the risk of exploitation by restricting the ability to add new macro languages to trusted administrators only.
- Monitor Confluence logs for any suspicious activity and respond promptly to potential security incidents.
- Stay up to date with security advisories and updates from Atlassian to ensure timely mitigation of vulnerabilities.
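As an added example that is not part of this advisory, the following Python script illustrates the log-monitoring recommendation: it scans access-log lines for POST requests to the Code Macro 'Add a new language' action and tallies them per user and source address so that unexpected language uploads stand out. The access-log format and the action path are assumptions; confirm both against your own deployment before relying on the rule.

```python
import re
from collections import Counter

# Assumed Common-Log-Format style access log line; adjust the regex to the
# AccessLogValve pattern configured in your Confluence server.xml.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed path of the admin action behind "Add a new language" in the
# Configure Code Macro tab; confirm it against your own logs before use.
SUSPECT_PATH = "/admin/plugins/newcode/addlanguage.action"


def find_language_uploads(lines, suspect_path=SUSPECT_PATH):
    """Return every POST to the language-upload action, one dict per hit.

    Lines that do not match the expected format are skipped rather than
    raising, so a partially rotated or corrupted log does not stop the scan.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # drop query string (e.g. atl_token)
        # endswith() tolerates a context path such as /wiki or /confluence
        if m["method"] == "POST" and path.endswith(suspect_path):
            hits.append({"ip": m["ip"], "user": m["user"],
                         "ts": m["ts"], "status": int(m["status"])})
    return hits


def uploads_per_user(hits):
    """Count upload attempts per (user, source IP) so repeated uploads stand out."""
    return Counter((h["user"], h["ip"]) for h in hits)


# Constructed sample log: one ordinary page view, one admin opening the Code
# Macro configuration page, three language uploads by two accounts, and one
# malformed line that the scanner must skip.
SAMPLE_LOG = """\
10.0.0.5 - alice [03/Jun/2024:10:01:12 +0000] "GET /wiki/pages/viewpage.action?pageId=123 HTTP/1.1" 200 5120
10.0.0.9 - bob [03/Jun/2024:10:03:44 +0000] "GET /wiki/admin/plugins/newcode/configure.action HTTP/1.1" 200 2048
10.0.0.9 - bob [03/Jun/2024:10:04:02 +0000] "POST /wiki/admin/plugins/newcode/addlanguage.action HTTP/1.1" 302 0
10.0.0.23 - carol [03/Jun/2024:10:05:10 +0000] "POST /wiki/admin/plugins/newcode/addlanguage.action?atl_token=abc HTTP/1.1" 302 0
10.0.0.23 - carol [03/Jun/2024:10:05:30 +0000] "POST /wiki/admin/plugins/newcode/addlanguage.action HTTP/1.1" 302 0
this line is deliberately malformed and must be skipped
"""

if __name__ == "__main__":
    for (user, ip), n in uploads_per_user(find_language_uploads(SAMPLE_LOG.splitlines())).items():
        print(f"{user}@{ip}: {n} language upload(s); review the uploaded definition")
```

Every hit should be reconciled against the list of administrators who are authorised to add macro languages; any upload by another account is a candidate incident.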
References
For more in-depth information about the recommendations, please visit the following links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-21683
- https://www.helpnetsecurity.com/2024/06/03/cve-2024-21683-poc/
- https://www.vicarius.io/vsociety/posts/analyzing-confluence-rce-exploit-cve-2024-21683-21685
If you have any questions, please contact LBT's Sales Engineer.