DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center and Confluence Server
Our reference | DIVD-2023-00045 |
Case lead | Wessel Baltus |
Researcher(s) | |
CVE(s) | |
Products | |
Versions | |
Recommendation | Upgrade to patched versions stated on Atlassian website |
Patch status | Fully patched |
Status | Closed |
Last modified | 14 Apr 2024 22:02 CEST |
Summary
A remote code execution vulnerability has been identified in Atlassian Confluence Data Center and Confluence Server. Data Center and Server versions prior to 7.19.17, 8.4.5 and 8.5.4, and Data Center only versions prior to 8.6.2 and 8.7.1, are vulnerable. The vulnerability allows an authenticated user, including one with anonymous access, to use template injection and obtain remote code execution.
What you can do
Upgrade to the patched versions for Data Center and Server: 7.19.17, 8.4.5 or 8.5.4. Upgrade to the patched versions for Data Center only: 8.6.2 or 8.7.1.
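To triage an inventory against the fixed releases listed above, the check below is an added example (not DIVD's or Atlassian's own code) that compares a reported Confluence version with the fixed release of its branch; the host names and versions in the test inventory are constructed.

```python
import re

# Fixed releases named in this case file, keyed by release branch (major, minor).
# 7.19, 8.4 and 8.5 ship for Data Center and Server; 8.6 and 8.7 are Data Center only.
FIXED_IN = {
    (7, 19): (7, 19, 17),
    (8, 4): (8, 4, 5),
    (8, 5): (8, 5, 4),
    (8, 6): (8, 6, 2),
    (8, 7): (8, 7, 1),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a version string such as '8.5.3' or '8.5.3-LTS'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(text):
    """True when the version carries no fix for DIVD-2023-00045.

    A release is fixed when its branch received a fix and the version is at or above
    that branch's fixed release, or when the branch is newer than the newest fixed
    branch (8.7). Everything else, including all of 8.0 through 8.3 and anything
    below 7.19, is treated as vulnerable.
    """
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_IN:
        return version < FIXED_IN[branch]
    return branch < max(FIXED_IN)


def triage(inventory):
    """Map each host in a constructed {host: version} inventory to 'vulnerable' or 'fixed'."""
    return {host: ("vulnerable" if is_vulnerable(v) else "fixed")
            for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, state in triage({"wiki-a": "8.4.4", "wiki-b": "8.5.4", "wiki-c": "8.2.0"}).items():
        print(host, state)
```

The check only compares version numbers against the fixed releases; it does not confirm that a host is reachable or that the flaw is exploitable on it.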
What we are doing
DIVD is currently working to identify vulnerable parties and notify them. We do this by scanning for exposed Atlassian Confluence instances and examining them to determine whether the vulnerability is present. Owners of vulnerable instances receive a notification with the host information and remediation steps.
Timeline
Date | Description |
---|---|
05 Dec 2023 | Vulnerability reported to Atlassian Confluence |
05 Dec 2023 | Advisory released by Atlassian |
09 Dec 2023 | DIVD created a list of vulnerable Confluence instances |
09 Dec 2023 | First version of this case file |
20 Dec 2023 | DIVD identified vulnerable devices |
20 Dec 2023 | DIVD sent out first mailrun |
14 Apr 2024 | DIVD rescanned and closed the case |