A new critical security vulnerability has been discovered in multiple versions of Atlassian’s Confluence Server and Data Center products. The flaw, assigned CVE-2024-21683, is a high-severity remote code execution (RCE) vulnerability that could allow an authenticated attacker to run malicious code on affected systems. The new vulnerability has a CVSS score of 8.3.
What is the Confluence Vulnerability CVE-2024-21683?
The new CVE-2024-21683 vulnerability exists in the “Add a new language” function of the “Configure Code Macro” section in Confluence. This feature allows users to upload custom code formatting files to customize syntax highlighting. However, due to insufficient validation of these files, a remote attacker could inject malicious Java code that would be executed on the server.
A POC exploit is now available to test your Confluence instances. Successful exploitation could lead to complete system compromise, allowing an attacker to view or steal sensitive data, disrupt operations, gain root access and much more.
Hundreds of Thousands of Confluence Deployments at Risk
Confluence software is widely used across organizations all over the globe. According to Shodan, a search engine for Internet-connected devices, currently there are 221,000 online servers are running Confluence instances of Confluence Server or Data Center, while, Hunter.how, a tool that scans the internet for online servers, reveals that over 31,500 online servers are running Confluence instances. Even more striking, the FOFA cyberspace asset fingerprint analysis platform shows over 2 million Confluence instances across the internet.
SHODAN CVE-2024-21683 Dork
http.component:"Atlassian Confluence"Hunter.how CVE-2024-21683 Dork
product.name="Confluence"FOFA CVE-2024-21683 Dork
app="ATLASSIAN-Confluence"
How to Fix the Vulnerability?
Atlassian has released new software versions to address CVE-2024-21683:
Confluence Server 8.2.3
Confluence Data Center 8.2.3
If you are running Confluence you should upgrade to the latest patched release as soon as possible. Following this update, it is also recommended to review all previously uploaded macros to your Confluence instances for any potential malicious code.
What is Confluence?
Confluence is a widely-used collaboration software made by the Australian company Atlassian. Confluence allows teams to create, share and discuss work in an organized knowledge base and document management system. Confluence Server and Data Center are the on-premises versions designed for enterprise use.
