Proof-of-concept exploit code released for RCE vulnerability CVE-2024-21683

Threat ID:CC-4503

Threat Severity:Medium

Published:29 May 2024 3:20 PM

Summary

Affected platforms

The following platforms are known to be affected:

Atlassian Confluence Data Center

Atlassian Confluence Server

Threat details

More vulnerabilities covered in Atlassian's May 2024 Security Bulletin

Other vulnerabilities affecting the Confluence product line, including the critical severity vulnerability known as CVE-2024-1597, are named in the May 2024 Security Bulletin. These vulnerabilities concern SQL injection, improper authorisation, and denial-of-service.

Other Atlassian products, such as Bamboo, Bitbucket, Crowd, Jira, and Jira Service, also have security updates available.

Introduction

Atlassian has released an advisory to address a remote code execution (RCE) vulnerability with a CVSSv3 score of 8.3, affecting Confluence Server and Confluence Data Center. A remote, authenticated attacker could exploit vulnerability CVE-2024-21683 to execute arbitrary code, resulting in a high impact to confidentiality, high impact to integrity, high impact to availability, and requiring no user interaction.

Proof-of-concept exploit code has been released for CVE-2024-21683.

Potential Exploitation of Confluence

Atlassian Confluence instances are often externally-facing by design and present an attractive target for exploitation by nation state and cyber criminal threat groups. Confluence vulnerabilities have been heavily targeted with exploits developed rapidly after vulnerability disclosure, leading to exploitation in the wild.

Proof-of-concept code has been released for CVE-2024-21683, so exploitation is considered more likely.

Remediation advice

Affected organisations are encouraged to review Atlassian's CVE-2024-21683 - RCE (Remote Code Execution) in Confluence Data Center and Server advisory and apply the relevant updates as soon as practicable.

Additional advisories for Confluence and other Atlassian product lines are in the May 2024 Security Bulletin.

Definitive source of threat updates

https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html

https://jira.atlassian.com/browse/CONFSERVER-95832

CVE Vulnerabilities

StatusPublished

CVE-2024-21683This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.

StatusPublished

CVE-2024-1597pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.

Last edited: 29 May 2024 3:20 pm