Atlassian Confluence High-Severity Bug Allows Code Execution

04-June-24

SonicWall Capture Labs has identified a high-severity remote code execution vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server, with a CVSS score of 8.3. This flaw allows authenticated attackers to execute arbitrary code by uploading a malicious JavaScript language file. SonicWall has released signatures IPS: 4437 and IPS: 4438, along with indicators of compromise, and advises users to upgrade to the latest version. Proof-of-concept exploit code is already available, highlighting the need for prompt action due to Confluence’s critical role in organizational workflows.
