
A high-severity vulnerability has been identified in Atlassian Confluence Data Center and Server. The flaw, tracked as CVE-2024-21683, allows an attacker who has authenticated to the Confluence instance to achieve Remote Code Execution (RCE) on the server hosting Confluence.
The vulnerability lies in the "Add a new language" option of the Code Macro configuration. That feature lets an administrator upload a JavaScript file defining syntax highlighting for an additional language, and Confluence evaluates the uploaded file on the server side with an embedded JavaScript engine (Rhino). Because the file is executed rather than parsed as data, a crafted file can call into the Java runtime and run arbitrary commands with the privileges of the Confluence service account. Note that the upload is a plain JavaScript file, not an archive; the server evaluates its contents directly.
Exploitation requires valid credentials for the Confluence instance, and in practice an account that can reach the administration console, since the Code Macro configuration is an administrative function. Unauthenticated attackers cannot exploit the issue directly. The authentication requirement lowers exposure but does not remove it: credentials obtained through phishing, credential stuffing, reused passwords or a separate privilege-escalation flaw turn this into a full server compromise, so any suspected misuse of an administrative account on an unpatched instance should be treated as a possible RCE.
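Because the flaw can only be triggered by an authenticated account, the first question after patching is whether anyone has already used the language-upload feature. The script below, added here as an example and not part of the OffSec post or any Atlassian tooling, walks Confluence's Tomcat access log, flags every POST to the add-language action, separates accepted uploads (which Confluence would have evaluated) from rejected unauthenticated attempts, and attributes accepted uploads to the username recorded by Confluence. The action path, the log layout and the sample lines are assumptions: confirm the path against your own instance and adjust the regex to your deployment's configured access-log pattern.

```python
import re
from collections import Counter

# Assumption (not from the page): the "Add a new language" upload is handled by
# this admin action path. Confirm it against your own instance before relying on it.
ADD_LANGUAGE_PATH = "/admin/plugins/newcode/addlanguage.action"

# Leading fields of a Confluence Tomcat access-log line, assumed layout:
# [timestamp] username thread client-ip "METHOD /path HTTP/x.y" status ...
# The pattern is configurable per deployment; adjust the regex to match yours.
LOG_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+'
    r'(?P<user>\S+)\s+(?P<thread>\S+)\s+(?P<ip>\S+)\s+'
    r'"(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/[\d.]+"\s+'
    r'(?P<status>\d{3})'
)

# Constructed sample lines for the demonstration; not real log data.
SAMPLE_LOG = """\
[21/May/2024:10:15:02 +0000] alice http-nio-8090-exec-3 10.0.0.5 "GET /dashboard.action HTTP/1.1" 200 12ms 8450 - "Mozilla/5.0"
[21/May/2024:10:16:55 +0000] bob http-nio-8090-exec-7 203.0.113.9 "POST /admin/plugins/newcode/addlanguage.action HTTP/1.1" 302 411ms 0 - "python-requests/2.31"
[21/May/2024:10:17:01 +0000] - http-nio-8090-exec-2 198.51.100.4 "POST /admin/plugins/newcode/addlanguage.action?x=1 HTTP/1.1" 401 3ms 0 - "curl/8.4.0"
[21/May/2024:10:20:13 +0000] bob http-nio-8090-exec-1 203.0.113.9 "POST /admin/plugins/newcode/addlanguage.action HTTP/1.1" 302 398ms 0 - "python-requests/2.31"
[21/May/2024:10:21:44 +0000] alice http-nio-8090-exec-4 10.0.0.5 "GET /admin/plugins/newcode/addlanguage.action HTTP/1.1" 200 9ms 2210 - "Mozilla/5.0"
"""


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec


def find_language_uploads(log_text):
    """Return every POST to the add-language action, accepted or not.

    A 302 is the normal redirect after a successful form submission, so any
    status below 400 is treated as an upload Confluence accepted and evaluated.
    401/403 responses are kept as well: they show someone probing the endpoint
    without valid credentials, which cannot exploit the flaw on its own but is
    still worth recording.
    """
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == ADD_LANGUAGE_PATH:
            rec["accepted"] = rec["status"] < 400
            events.append(rec)
    return events


def uploads_by_user(events):
    """Count accepted uploads per authenticated username.

    Each accepted upload is a script the server executed, so every user in
    this map has effectively run code on the Confluence host and their
    uploads (and credentials) need review.
    """
    return Counter(e["user"] for e in events if e["accepted"])


if __name__ == "__main__":
    found = find_language_uploads(SAMPLE_LOG)
    for e in found:
        verdict = "ACCEPTED" if e["accepted"] else "rejected"
        print(f'{e["ts"]} {e["user"]:<8} {e["ip"]:<14} {e["status"]} {verdict}')
    print("accepted uploads per user:", dict(uploads_by_user(found)))
```

Run it against the real log by replacing SAMPLE_LOG with the file contents. An accepted upload from an account or source address you do not recognise, or from an automation user agent such as python-requests or curl on an administrative form, is the signal to pull the uploaded language file and the process history of the Confluence service account.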
The impact of successful exploitation is severe: the attacker gains code execution as the Confluence service account on the host, from which data in the instance, stored credentials and the surrounding network are reachable. Administrators of vulnerable instances should upgrade to one of the fixed versions listed in Atlassian's security advisory; the fix removes the unsafe evaluation in the "Add a new language" feature and closes this RCE vector. Until the upgrade is applied, restrict who holds Confluence administrator rights, limit network access to the administration console, and review the access log for uploads through the Code Macro configuration. If an upload by an unexpected account is found, treat the host as compromised and rotate the credentials involved rather than only removing the uploaded file.
Source: https://www.offsec.com/blog/cve-2024-21683/