Confluence Data Center & Server Flaw Allows Remote Code Execution

by Esmeralda McKenzie

Atlassian disclosed a high-severity vulnerability that exists in multiple versions of its Confluence Data Center and Server.

The vulnerability was assigned CVE-2024-21683, and its severity was given as 8.3 (High).

Confluence has addressed this vulnerability in the latest versions of Confluence Data Center and Server and released patches. However, researchers have discovered a method to exploit this vulnerability.

Technical Analysis – CVE-2024-21683

According to the advisory, this vulnerability was associated with remote code execution on Confluence Data Center, which allows an authenticated threat actor with a certain level of privileges to execute arbitrary commands on the affected systems.

To successfully exploit this vulnerability, a threat actor requires network access to the vulnerable system and, as a prerequisite, the privilege to add a new macro language.

This “Add a new language” function of the “Configure Code Macro” section allows users to add a new code block macro language to customize the formatting and syntax highlighting.

However, an authenticated attacker can upload a malicious JavaScript file through this functionality, which will inject malicious Java code on the affected systems.

Add a new language option (Source: SonicWall)

This exploitation can be performed by crafting a malicious JS file containing code to inject, such as java.lang.Runtime.getRuntime().exec("touch /tmp/poc"), which will be executed when the file is uploaded to the server. This execution happens due to insufficient validation of the file.

This malicious Java code is sent for evaluation to the “parseLanguage” method of the “RhinoLanguageParser” class, which exists in the WEB-INF/atlassian-bundled-plugins/com.atlassian.confluence.ext.newcode-macro-plugin-5.0.1.jar!/com/atlassian/confluence/ext/code/languages/impl/RhinoLanguageParser.class location.

RhinoParser Overview (Source: SonicWall)

Further, the “script” variable is formed and the “evaluateString” method will process the malicious Java code. This “evaluateString” method will then pass the code to the “doTopCall” method of the “ScriptRuntime” class.

The “doTopCall” method will execute this malicious Java code, which will lead to arbitrary code execution on the vulnerable system.

However, this vulnerability has been patched in the latest versions of Confluence Data Center and Server.
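As an added example (not code from the article, SonicWall or Atlassian): a triage check a defender could run over custom language files registered through “Add a new language”, flagging references to the names Rhino uses to expose Java classes to scripts. The function names and both sample files are constructed for illustration; the check is a heuristic for review and does not replace upgrading to a fixed version.

```python
import re
from typing import List, NamedTuple

# Names through which Rhino exposes Java classes to a script (LiveConnect),
# plus .getClass() calls. A syntax-highlighting definition has no reason to
# reference any of them.
JAVA_BRIDGE = re.compile(
    r"\b(?:Packages|JavaImporter|JavaAdapter|importPackage|importClass)\b"
    r"|\b(?:java|javax)\s*\.\s*[A-Za-z_]\w*(?:\s*\.\s*[A-Za-z_]\w*)*"
    r"|\.\s*getClass\s*\("
)


class Finding(NamedTuple):
    line: int   # 1-based line number in the uploaded file
    token: str  # matched reference with whitespace removed


def scan_language_file(source: str) -> List[Finding]:
    """Return every Java-bridge reference found in a language file."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for match in JAVA_BRIDGE.finditer(text):
            token = re.sub(r"\s+", "", match.group(0))  # "java . lang" -> "java.lang"
            findings.append(Finding(lineno, token))
    return findings


# Constructed sample: a highlighting definition that only declares keywords.
BENIGN = """\
var keywords = 'select from where java javascript';
this.regexList = [{ regex: /--.*$/gm, css: 'comments' }];
"""

# Constructed sample: same shape, but it also reaches into the JVM.
SUSPICIOUS = """\
var keywords = 'select from where';
var user = java.lang.System.getProperty("user.name");
importPackage(Packages.java.io);
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        hits = scan_language_file(sample)
        print(name, "->", "REVIEW" if hits else "ok", hits)
```

A file with any finding deserves manual review together with the audit trail of who registered it; an empty result only means none of these names appear literally.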

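Affected Products And Fixed Versions

| Product | Affected versions | Fixed versions |
|---|---|---|
| Confluence Data Center | 8.9.0 | 8.9.1 |
| Confluence Data Center | from 8.8.0 to 8.8.1 | 8.9.1 |
| Confluence Data Center | from 8.7.0 to 8.7.2 | 8.9.1 |
| Confluence Data Center | from 8.6.0 to 8.6.2 | 8.9.1 |
| Confluence Data Center | from 8.5.0 to 8.5.8 LTS | 8.9.1 or 8.5.9 LTS recommended |
| Confluence Data Center | from 8.4.0 to 8.4.5 | 8.9.1 or 8.5.9 LTS recommended |
| Confluence Data Center | from 8.3.0 to 8.3.4 | 8.9.1 or 8.5.9 LTS recommended |
| Confluence Data Center | from 8.2.0 to 8.2.3 | 8.9.1 or 8.5.9 LTS recommended |
| Confluence Data Center | from 8.1.0 to 8.1.4 | 8.9.1 or 8.5.9 LTS recommended |
| Confluence Data Center | from 8.0.0 to 8.0.4 | 8.9.1 or 8.5.9 LTS recommended |
| Confluence Data Center | from 7.20.0 to 7.20.3 | 8.9.1 or 8.5.9 LTS recommended |
| Confluence Data Center | from 7.19.0 to 7.19.21 LTS | 8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS |
| Confluence Data Center | from 7.18.0 to 7.18.3 | 8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS |
| Confluence Data Center | from 7.17.0 to 7.17.5 | 8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS |
| Confluence Data Center | Any earlier versions | 8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS |
| Confluence Server | from 8.5.0 to 8.5.8 LTS | 8.5.9 LTS recommended |
| Confluence Server | from 8.4.0 to 8.4.5 | 8.5.9 LTS recommended |
| Confluence Server | from 8.3.0 to 8.3.4 | 8.5.9 LTS recommended |
| Confluence Server | from 8.2.0 to 8.2.3 | 8.5.9 LTS recommended |
| Confluence Server | from 8.1.0 to 8.1.4 | 8.5.9 LTS recommended |
| Confluence Server | from 8.0.0 to 8.0.4 | 8.5.9 LTS recommended |
| Confluence Server | from 7.20.0 to 7.20.3 | 8.5.9 LTS recommended |
| Confluence Server | from 7.19.0 to 7.19.21 LTS | 8.5.9 LTS recommended or 7.19.22 LTS |
| Confluence Server | from 7.18.0 to 7.18.3 | 8.5.9 LTS recommended or 7.19.22 LTS |
| Confluence Server | from 7.17.0 to 7.17.5 | 8.5.9 LTS recommended or 7.19.22 LTS |
| Confluence Server | Any earlier versions | 8.5.9 LTS recommended or 7.19.22 LTS |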

It is recommended that Confluence users upgrade to the latest versions to prevent threat actors from exploiting this vulnerability.


Source credit : cybersecuritynews.com
