{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-054.pdf"
    },
    "title": "Confluence Data Center and Server Remote Code Execution",
    "serial_number": "2024-054",
    "publish_date": "07-06-2024 14:29:06",
    "description": "A critical remote code execution (RCE) vulnerability, CVE-2024-21683, has been discovered in Atlassian's Confluence Data Center and Server. This vulnerability allows authenticated attackers with privileges of adding new macro languages to execute arbitrary code.",
    "url_title": "2024-054",
    "content_markdown": "---\ntitle: 'Confluence Data Center and Server Remote Code Execution'\nnumber: '2024-054'\nversion: '1.0'\noriginal_date: 'May 30, 2024'\ndate: 'June 6, 2024'\n---\n\n_History:_\n\n* _06/06/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nA critical remote code execution (RCE) vulnerability, CVE-2024-21683, has been discovered in Atlassian's Confluence Data Center and Server. This vulnerability allows authenticated attackers with privileges of adding new macro languages to execute arbitrary code. \n\n# Technical Details\n\nThe vulnerability arises from insufficient input validation in the \"Add a new language\" function within the Configure Code Macro section. An attacker can exploit this by uploading a malicious Java file, leading to arbitrary code execution on the server.\n\n# Affected Products\n\n- Confluence Data Center: Versions prior to 8.9.1\n- Confluence Server: Versions prior to 8.5.9 LTS and 7.19.22 LTS\n\n# Recommendations\n\nImmediately upgrade to Confluence Data Center version 8.9.1 or later, Confluence Server version 8.5.9 LTS, or 7.19.22 LTS.\n\n## References\n\n[1] <https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability>\n\n[2] <https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>06/06/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>A critical remote code execution (RCE) vulnerability, CVE-2024-21683, has been discovered in Atlassian's Confluence Data Center and Server. This vulnerability allows authenticated attackers with privileges of adding new macro languages to execute arbitrary code. </p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability arises from insufficient input validation in the \"Add a new language\" function within the Configure Code Macro section. An attacker can exploit this by uploading a malicious Java file, leading to arbitrary code execution on the server.</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Confluence Data Center: Versions prior to 8.9.1</li><li>Confluence Server: Versions prior to 8.5.9 LTS and 7.19.22 LTS</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>Immediately upgrade to Confluence Data Center version 8.9.1 or later, Confluence Server version 8.5.9 LTS, or 7.19.22 LTS.</p><h3 id=\"references\">References</h3><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability\">https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html\">https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}