Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

Confluence, the widely used corporate wiki and team workspace, has been found to contain a critical remote code execution vulnerability.



The vulnerability has been assigned CVE-2024-21683 with a severity score of 8.3 (High).



This vulnerability affects multiple versions of Confluence Data Center and Server, including Data Center version 8.9.0 and Server versions 8.5.0 through 8.5.8 LTS.



However, this vulnerability has been fixed in the latest versions of Confluence Data Center and Server.



The vulnerability was discovered internally by Atlassian and has been fixed accordingly.






Technical Analysis – CVE-2024-21683



According to the advisory, this vulnerability allows an authenticated attacker to execute arbitrary code on the system, with high impact on confidentiality, integrity and availability (CIA).



Further, this vulnerability does not require any user interaction to be successful.



Atlassian has published no other information about this vulnerability.



However, based on that description, it can be speculated that this vulnerability is easy for an authenticated attacker to exploit.



The complete details and a proof-of-concept for this vulnerability are yet to be published.



Atlassian recommends that users upgrade their Data Center and Server instances to the fixed versions listed below.



Data Center

Affected versions           | Fixed versions
8.9.0                       | 8.9.1
from 8.8.0 to 8.8.1         | 8.9.1
from 8.7.0 to 8.7.2         | 8.9.1
from 8.6.0 to 8.6.2         | 8.9.1
from 8.5.0 to 8.5.8 LTS     | 8.9.1 or 8.5.9 LTS (recommended)
from 8.4.0 to 8.4.5         | 8.9.1 or 8.5.9 LTS (recommended)
from 8.3.0 to 8.3.4         | 8.9.1 or 8.5.9 LTS (recommended)
from 8.2.0 to 8.2.3         | 8.9.1 or 8.5.9 LTS (recommended)
from 8.1.0 to 8.1.4         | 8.9.1 or 8.5.9 LTS (recommended)
from 8.0.0 to 8.0.4         | 8.9.1 or 8.5.9 LTS (recommended)
from 7.20.0 to 7.20.3       | 8.9.1 or 8.5.9 LTS (recommended)
from 7.19.0 to 7.19.21 LTS  | 8.9.1 or 8.5.9 LTS (recommended) or 7.19.22 LTS
from 7.18.0 to 7.18.3       | 8.9.1 or 8.5.9 LTS (recommended) or 7.19.22 LTS
from 7.17.0 to 7.17.5       | 8.9.1 or 8.5.9 LTS (recommended) or 7.19.22 LTS
Any earlier versions        | 8.9.1 or 8.5.9 LTS (recommended) or 7.19.22 LTS

Server

Affected versions           | Fixed versions
from 8.5.0 to 8.5.8 LTS     | 8.5.9 LTS (recommended)
from 8.4.0 to 8.4.5         | 8.5.9 LTS (recommended)
from 8.3.0 to 8.3.4         | 8.5.9 LTS (recommended)
from 8.2.0 to 8.2.3         | 8.5.9 LTS (recommended)
from 8.1.0 to 8.1.4         | 8.5.9 LTS (recommended)
from 8.0.0 to 8.0.4         | 8.5.9 LTS (recommended)
from 7.20.0 to 7.20.3       | 8.5.9 LTS (recommended)
from 7.19.0 to 7.19.21 LTS  | 8.5.9 LTS (recommended) or 7.19.22 LTS
from 7.18.0 to 7.18.3       | 8.5.9 LTS (recommended) or 7.19.22 LTS
from 7.17.0 to 7.17.5       | 8.5.9 LTS (recommended) or 7.19.22 LTS
Any earlier versions        | 8.5.9 LTS (recommended) or 7.19.22 LTS

Users of Confluence are advised to upgrade to the latest versions to prevent the exploitation of these vulnerabilities by threat actors.
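As an added example (not part of the original article or of any Atlassian tooling), the script below encodes the two fix tables above and checks a list of installed Confluence versions against them, so an administrator can see at a glance which instances are in an affected range and which release the advisory points them to. The inventory of versions at the bottom is constructed for illustration; the product names `data_center` and `server` are the script's own labels, not Atlassian identifiers.

```python
"""Check installed Confluence versions against the CVE-2024-21683 fix tables."""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '8.5.8 LTS' or '7.19.21' into a comparable tuple such as (8, 5, 8)."""
    return tuple(int(part) for part in text.split()[0].split("."))


# Fixed-version strings as given in the advisory tables above.
DC_FIX_NEW = "8.9.1"
DC_FIX_LTS = "8.9.1 or 8.5.9 LTS (recommended)"
DC_FIX_OLD = "8.9.1 or 8.5.9 LTS (recommended) or 7.19.22 LTS"
SRV_FIX_LTS = "8.5.9 LTS (recommended)"
SRV_FIX_OLD = "8.5.9 LTS (recommended) or 7.19.22 LTS"

# (lowest affected, highest affected, fixed versions), bounds inclusive,
# transcribed row by row from the Data Center table above.
DATA_CENTER = [
    ("8.9.0", "8.9.0", DC_FIX_NEW),
    ("8.8.0", "8.8.1", DC_FIX_NEW),
    ("8.7.0", "8.7.2", DC_FIX_NEW),
    ("8.6.0", "8.6.2", DC_FIX_NEW),
    ("8.5.0", "8.5.8", DC_FIX_LTS),
    ("8.4.0", "8.4.5", DC_FIX_LTS),
    ("8.3.0", "8.3.4", DC_FIX_LTS),
    ("8.2.0", "8.2.3", DC_FIX_LTS),
    ("8.1.0", "8.1.4", DC_FIX_LTS),
    ("8.0.0", "8.0.4", DC_FIX_LTS),
    ("7.20.0", "7.20.3", DC_FIX_LTS),
    ("7.19.0", "7.19.21", DC_FIX_OLD),
    ("7.18.0", "7.18.3", DC_FIX_OLD),
    ("7.17.0", "7.17.5", DC_FIX_OLD),
]

# Same for the Server table; the Server line stops at the 8.5 LTS branch.
SERVER = [
    ("8.5.0", "8.5.8", SRV_FIX_LTS),
    ("8.4.0", "8.4.5", SRV_FIX_LTS),
    ("8.3.0", "8.3.4", SRV_FIX_LTS),
    ("8.2.0", "8.2.3", SRV_FIX_LTS),
    ("8.1.0", "8.1.4", SRV_FIX_LTS),
    ("8.0.0", "8.0.4", SRV_FIX_LTS),
    ("7.20.0", "7.20.3", SRV_FIX_LTS),
    ("7.19.0", "7.19.21", SRV_FIX_OLD),
    ("7.18.0", "7.18.3", SRV_FIX_OLD),
    ("7.17.0", "7.17.5", SRV_FIX_OLD),
]

# product label (this script's own naming) -> (rows, cutoff for the
# "Any earlier versions" row, fix text for that row)
TABLES = {
    "data_center": (DATA_CENTER, "7.17.0", DC_FIX_OLD),
    "server": (SERVER, "7.17.0", SRV_FIX_OLD),
}


def assess(product: str, installed: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fixed_versions) for one installed version string.

    A version that falls in no listed affected range (for example a release
    that already carries the fix, such as 8.5.9 or 8.9.1) reports as not
    affected with no upgrade target.
    """
    rows, earliest, old_fix = TABLES[product]
    version = parse_version(installed)
    for low, high, fix in rows:
        if parse_version(low) <= version <= parse_version(high):
            return True, fix
    if version < parse_version(earliest):
        return True, old_fix  # the table's "Any earlier versions" row
    return False, None


def report(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Produce one line per (hostname, product, version) inventory entry."""
    lines = []
    for host, product, installed in inventory:
        affected, fix = assess(product, installed)
        status = f"AFFECTED -> upgrade to {fix}" if affected else "not in an affected range"
        lines.append(f"{host} ({product} {installed}): {status}")
    return lines


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = [
        ("wiki-01.example.internal", "data_center", "8.9.0"),
        ("wiki-02.example.internal", "server", "8.5.8 LTS"),
        ("wiki-legacy.example.internal", "data_center", "7.12.3"),
        ("wiki-03.example.internal", "server", "8.5.9"),
    ]
    print("\n".join(report(sample)))
```

Version strings are compared as integer tuples rather than as text, so "7.19.21" sorts below "7.20.0" as intended; a plain string comparison would get this wrong.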


