Atlassian Confluence Users Urged to Patch Critical Security Bug

• SonicWall discovered a high-severity remote code execution flaw (CVE-2024-21683) in the Atlassian Confluence Data Center and Server.
• Atlassian quickly released patches for impacted versions (8.9.1, 8.5.9, and 7.19.22) to address the vulnerability.
• SonicWall provided protective measures (IPS: 4437 and IPS: 4438) and indicators of compromise (IoCs) to assist users.

SonicWall Capture Labs’ research team has uncovered a remote code execution vulnerability in the Atlassian Confluence Data Center and Server. Identified as CVE-2024-21683, this vulnerability carries a high CVSS score of 8.3 out of 10 and enables authenticated threat actors to execute arbitrary code remotely. This high-severity vulnerability seriously threatens user data and system security. Atlassian has quickly resolved the issue by releasing patches and advising users to update their Confluence installations immediately to mitigate potential risks.

To exploit this vulnerability, a cyber attacker must have network access to vulnerable systems and the privilege to add new macro languages. According to the researchers, the attacker can upload a forged JavaScript language file containing malicious code by navigating to Configure Code Macro and selecting Add a new language.

SonicWall has released two signatures to assist its clients in becoming ready in case of exploitation: IPS: 4437 Atlassian Confluence Data Center and Server RCE and IPS: 4438 Atlassian Confluence Data Center and Server RCE 2. Additionally, they have provided indicators of compromise (IoCs). Proof-of-concept (PoC) exploit code for CVE-2024-21683 is already available.

See more: Vulnerability Alert: Nine PixieFail UEFI Vulnerabilities Threaten the Firmware Supply Chain

The vulnerability affects all Confluence Data Center versions from 5.2 to 8.9.0 and has been addressed with the release of versions 8.9.1, 8.5.9, and 7.19.22. These updates also resolve four additional vulnerabilities in Confluence and its third-party dependencies.

The researchers strongly recommend that users upgrade their instances to the latest versions. This is important because Confluence Server is critical in maintaining an organization’s knowledge base and other vital information. Due to the platform’s deep integration in network environments, cybercriminals frequently target Atlassian Confluence vulnerabilities. The platform is widely used for enterprise collaboration, workflow management, and software development.

LATEST ON CYBER SECURITY

• U.S. Government Sanctions Cybercrime Network Using Free VPN Services for Proxy Botnet
• New Cyber Espionage Campaign by LilacSquid Affects IT, Energy, and Pharma Industries
• BBC Pension Scheme Data Breach Exposes Personal Info
• Chrome Security Alert: Fourth Zero-Day Exploit Patched This Month
• Malware Alert: BitRAT and Lumma Stealer Disguised in Fake Browser Updates