Critical Remote Code Execution Vulnerability Patched in Atlassian Confluence

CVE: CVE-2024-21673
CVSS (v3.0): 8
Source: CVE-2024-21673

Atlassian Confluence, a popular enterprise collaboration and documentation tool, was found to have a serious remote code execution (RCE) vulnerability that could allow attackers to compromise Confluence servers and gain complete control.

The vulnerability received a CVSS score of 8.0 out of 10 because it can be exploited remotely without authentication. An attacker could send a specially crafted request which, when processed by a vulnerable Confluence server, leads to execution of arbitrary code with the privileges of the Confluence application. This would give the attacker full access to the server and any data stored on it.

Confluence administrators are urged to immediately update their installations to patch this vulnerability. Versions 7.13.0 and below of Confluence Data Center and Server are affected. Upgrading to the latest version 7.19.18 or 8.5.5 (or any higher patch release in those versions) will close this security hole.

It is also recommended that administrators review their authentication and authorization policies to limit access and privileges. Applying the latest updates promptly is crucial for any internet-facing application to help prevent exploitation and data loss. Users should check their Confluence version and contact their IT department if an upgrade is needed.
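The version check the advisory asks administrators to perform can be automated across an inventory. The script below is an added example, not code from Atlassian or from this advisory; it encodes only the version boundaries stated above ("7.13.0 and below" affected, 7.19.18 and 8.5.5 as the fixed patch releases in their branches) and reports any other version as not being a listed fixed release. The `ajs-version-number` meta tag it extracts from a constructed HTML sample is the one Confluence pages carry in their header; the inventory itself is made up.

```python
import re

# Version boundaries exactly as stated in the advisory text above.
AFFECTED_MAX = (7, 13, 0)            # "7.13.0 and below" are affected
FIXED_RELEASES = {                    # fixed patch release per branch
    (7, 19): (7, 19, 18),
    (8, 5): (8, 5, 5),
}

# Constructed sample: the <head> of a Confluence login page, which exposes the
# build number in the ajs-version-number meta tag.
SAMPLE_HTML = """<html><head>
<meta name="ajs-version-number" content="7.19.10">
<meta name="ajs-build-number" content="8703">
</head><body>Log in</body></html>"""

# Constructed sample inventory: hostname -> reported version string.
SAMPLE_INVENTORY = {
    "wiki-legacy.example.test": "7.13.0",
    "wiki-lts.example.test": "7.19.17",
    "wiki-prod.example.test": "8.5.5",
    "wiki-new.example.test": "v8.7.0",
}


def parse_version(text: str) -> tuple:
    """Parse 'x.y[.z]' (tolerating a leading 'v' or a suffix such as '-rc1')."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def version_from_html(html: str):
    """Pull the running version out of a fetched Confluence page, or None."""
    m = re.search(r'name="ajs-version-number"\s+content="([^"]+)"', html)
    return m.group(1) if m else None


def assess(version: str) -> str:
    """Classify a version against the ranges the advisory gives.

    'affected'  - 7.13.0 or below, or a fixed branch below its fix release
    'fixed'     - 7.19.18+ in 7.19.x or 8.5.5+ in 8.5.x
    'unlisted'  - not a release the advisory names as fixed; upgrade to one
    """
    v = parse_version(version)
    if v <= AFFECTED_MAX:
        return "affected"
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is not None:
        return "fixed" if v >= fixed else "affected"
    return "unlisted"


def triage(inventory: dict) -> dict:
    """Map every host to its status; invalid version strings are flagged, not skipped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    print("page version:", version_from_html(SAMPLE_HTML))
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {status}")
```

A host reported as `unlisted` is not proven safe; it is simply not one of the two patch releases the advisory names, so the safe action is still to move it to 7.19.18, 8.5.5 or a later patch release in those branches.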
