Atlassian Confluence patches high severity flaw with published exploit PoC
Take action: If you are running a self-hosted version of Atlassian Confluence, plan for a regular patch but don't delay it. This flaw is not critical, but it can still be exploited after a targeted phishing attack.
Learn More
Atlassian has addressed a high-severity remote code execution (RCE) vulnerability in Confluence Server and Data Center, tracked as CVE-2024-21683 (CVSS score 8.3).
This RCE vulnerability can be exploited through a specially crafted JavaScript language file. The vulnerability arises from insufficient input validation in the “Add a new language” function of the “Configure Code Macro” section. This function allows users to upload a new code block macro language definition to customize formatting and syntax highlighting. An authenticated attacker with sufficient privileges can inject malicious Java code into a file that will be executed on the server.
The attack is not trivial: the attacker must be logged into Confluence, must have sufficient privileges to add new macro languages, and must upload the JavaScript file containing the malicious Java code through Configure Code Macro > Add a new language.
A PoC for this vulnerability has been made public on GitHub by security researcher Huong Kieu.
Users hosting Confluence Server or Data Center are strongly advised to upgrade to the latest version immediately to mitigate this vulnerability.