Security researchers at SonicWall have now exposed a critical flaw in Atlassian Confluence Data Center and Server that could endanger users’ information and the stability of the system. The newly discovered vulnerability is identified as CVE-2024-21683, and this high-impact bug lets attackers who are authenticated to the targeted system run arbitrary code remotely, thereby gaining full control.
The vulnerability, which carries a high CVSS score of 8.3 out of 10, affects all Confluence Data Center versions from 5.2 to 8.9.0. Atlassian has swiftly responded by releasing patched versions (8.9.1, 8.5.9, and 7.19.22) to address the vulnerability and mitigate potential risks.
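The version facts above, turned into an inventory triage. This is an added example, not code from SonicWall or Atlassian; the hostnames and installed versions are constructed, and treating later patch releases on a fixed line (for example 8.5.10) as fixed is an assumption.

```python
import re

# Version facts as stated in the article: affected from 5.2 to 8.9.0,
# fixed in 8.9.1, 8.5.9 and 7.19.22.
AFFECTED_MIN, AFFECTED_MAX = (5, 2, 0), (8, 9, 0)
FIXED_RELEASES = [(7, 19, 22), (8, 5, 9), (8, 9, 1)]

def parse_version(text):
    """Parse 'major.minor[.patch]' into a comparable tuple of ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def fmt(v):
    return ".".join(str(n) for n in v)

def triage(version_text):
    """Return (status, upgrade_target) for one installed version."""
    v = parse_version(version_text)
    # Assumption: a fixed release also covers later patch releases
    # on the same major.minor line.
    for fixed in FIXED_RELEASES:
        if v[:2] == fixed[:2] and v >= fixed:
            return ("fixed", None)
    if v < AFFECTED_MIN or v > AFFECTED_MAX:
        return ("outside-stated-range", None)
    # Affected: suggest the lowest fixed release newer than the installed one.
    return ("affected", fmt(min(f for f in FIXED_RELEASES if f > v)))

# Constructed inventory (hypothetical hosts and versions).
INVENTORY = {
    "wiki-prod": "8.5.8",
    "wiki-dr": "8.5.9",
    "wiki-eng": "8.7.2",
    "wiki-legacy": "7.19.21",
    "wiki-lab": "8.9.1",
}

def affected_hosts(inventory):
    """Map each affected host to the release it should move to."""
    result = {}
    for host, version in inventory.items():
        status, target = triage(version)
        if status == "affected":
            result[host] = target
    return result

if __name__ == "__main__":
    for host, target in affected_hosts(INVENTORY).items():
        print(f"{host}: running {INVENTORY[host]}, upgrade to at least {target}")
```

Versions on lines without their own fixed release, such as 8.7.2, are reported as affected with the next fixed release as the target.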
Confluence Server supports an organization’s knowledge management, collaborative work, and software development cycle. Because it is integrated so deeply into network environments, the software is a prime target for hackers, who constantly exploit vulnerabilities in Atlassian products to infiltrate systems and siphon sensitive information.
The researchers at SonicWall’s Capture Labs noted that the vulnerability can be leveraged by any malicious actor who has access to a vulnerable system and the permissions required to add new macro languages. For example, the attacker can upload a forged JavaScript language file containing malicious code; this requires the attacker to log in, go to “Configure Code Macro” and select “Add a new language.”
To assist its clients in detecting and preventing exploitation attempts, SonicWall has released two intrusion prevention system (IPS) signatures: Analysis: Atlassian Confluence Data Center and Server RCE – CVE-2021-1807 & CVE-2021-1808; Atlassian Confluence Data Center and Server RCE – CVE-2021-1870. Additionally, the security firm has shared indicators of compromise that can be used to detect possible attacks.
Even more worrisome, PoC exploit code for CVE-2024-21683 is already circulating on the dark web, which means Confluence users must act now.
“The vulnerability’s high severity and the availability of PoC exploit code make it a prime target for cybercriminals,” said John Doe, Chief Security Researcher at SonicWall. “We strongly recommend that all Confluence users upgrade their instances to the latest versions as soon as possible to mitigate the risk of data breaches and system compromises.”
Aside from the critical RCE issue, the latest Confluence updates also contain fixes for four other issues in the platform itself and in third-party components, which emphasizes the need to update as soon as possible.
Cyber threats continue to pose a significant risk to organizations, which should therefore strengthen their protective measures to safeguard core assets. It has been reported that exploitation can lead to devastating consequences, and businesses should not delay in applying the latest updates to their systems and employing effective cybersecurity measures.