Unleashing Chaos – The Atlassian Confluence RCE Vulnerability Saga

— Sam Jacob, Dec 2, 2023


Hackers are on the hunt for Atlassian Confluence RCE Vulnerability

Atlassian recently announced a critical Remote Code Execution (RCE) vulnerability affecting Confluence Data Center and Server 8 versions released before Dec. 5, 2023, as well as 8.4.5 (CVE-2023-22527, CVSS score: 10.0). Within days of the flaw becoming public knowledge, nearly 40,000 exploitation attempts were made.

This is a template injection vulnerability that allows an attacker to inject OGNL (Object-Graph Navigation Language) expressions into a vulnerable Confluence instance and thereby execute arbitrary code and system commands on the underlying host. Exploitation does not require authentication.

Confluence, like most Atlassian products, is written in Java. Java frameworks such as Struts use OGNL (Object-Graph Navigation Language) as an expression language for reading and setting properties of Java objects. An attacker who can inject an arbitrary OGNL expression into such a component can therefore execute arbitrary Java code.

Affected Versions:

Product                              Affected Versions
Confluence Data Center and Server    8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3

Note: 7.19.x LTS versions are not affected by the vulnerability.

Fixed Versions:

The issue has been addressed in the following versions.

Product                              Fixed Versions                    Latest Versions
Confluence Data Center and Server    8.5.4 (LTS)                       8.5.5 (LTS)
Confluence Data Center               8.6.0, 8.7.1 (Data Center only)   8.7.2 (Data Center only)

It is recommended that you patch each of your affected installations to the latest version available.
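The two version tables above are what an asset owner actually has to act on, so here is an added example (not part of the original post or of any Atlassian tooling) that triages an inventory of Confluence version strings against those ranges: 8.0.x through 8.5.3 are flagged as affected, 8.5.4+/8.6.0+/8.7.1+ as fixed, 7.19.x as not affected, and anything the post does not list (for example 8.7.0 or a pre-8.0 non-LTS release) is reported as "unlisted" so it gets checked against the vendor advisory rather than silently passed. The host names and versions in the inventory are constructed sample data.

```python
"""Triage Confluence Data Center / Server versions against CVE-2023-22527.

The affected and fixed ranges below are copied from the tables in this post.
The inventory in main() is constructed sample data, not real hosts.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Affected: 8.0.x ... 8.5.3 (inclusive low, exclusive high).
AFFECTED_LOW: Version = (8, 0, 0)
AFFECTED_HIGH_EXCL: Version = (8, 5, 4)

# Lowest patch level on each release line that carries the fix:
# 8.5.4 (LTS), 8.6.0 and 8.7.1 (Data Center only).
FIXED_MINIMUM: Dict[Tuple[int, int], int] = {(8, 5): 4, (8, 6): 0, (8, 7): 1}

# Latest releases named in the post; the upgrade targets to recommend.
LATEST_LTS = "8.5.5 (LTS)"
LATEST_DATA_CENTER = "8.7.2 (Data Center only)"


def parse_version(text: str) -> Optional[Version]:
    """Turn '8.5.3' into (8, 5, 3). Returns None for unparseable input.

    Two-component strings such as '8.5' are padded to '8.5.0' so they
    compare like the first release on that line.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    v = tuple(int(p) for p in parts)
    if len(v) < 3:
        v = v + (0,) * (3 - len(v))
    return v


def classify(text: str) -> str:
    """Map a version string to one of: affected, fixed, not affected,
    unlisted, unknown."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    major, minor, patch = v[0], v[1], v[2]
    if (major, minor) == (7, 19):
        return "not affected"          # 7.19.x LTS per the post
    if AFFECTED_LOW <= v < AFFECTED_HIGH_EXCL:
        return "affected"
    min_patch = FIXED_MINIMUM.get((major, minor))
    if min_patch is not None and patch >= min_patch:
        return "fixed"
    # Not covered by either table: do not assume safe, verify with vendor.
    return "unlisted"


def recommended_upgrade(text: str) -> str:
    """Pick the latest release named in the post for this install's line."""
    v = parse_version(text)
    if v is not None and v[0] == 8 and v[1] >= 6:
        return LATEST_DATA_CENTER
    return LATEST_LTS


def triage(inventory: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Return one row per host with status and action."""
    rows = []
    for host, version in inventory:
        status = classify(version)
        if status in ("affected", "unlisted", "unknown"):
            action = "upgrade to " + recommended_upgrade(version)
        else:
            action = "none"
        rows.append({"host": host, "version": version,
                     "status": status, "action": action})
    return rows


def main() -> None:
    # Constructed sample inventory (hypothetical host names).
    inventory = [
        ("wiki-prod-01.example.internal", "8.4.5"),
        ("wiki-prod-02.example.internal", "8.5.3"),
        ("wiki-dc-01.example.internal", "8.7.0"),
        ("wiki-dc-02.example.internal", "8.7.2"),
        ("wiki-legacy.example.internal", "7.19.17"),
        ("wiki-test.example.internal", "unknown-build"),
    ]
    for row in triage(inventory):
        print(f"{row['host']:32} {row['version']:14} "
              f"{row['status']:13} {row['action']}")


if __name__ == "__main__":
    main()
```

Run it as a script to print the table, or import `triage()` and feed it the output of your own asset inventory. The "unlisted" bucket is deliberate: the post's tables stop at 8.5.3 and list only specific fixed releases, so a version such as 8.7.0 is neither confirmed affected nor confirmed fixed by this page and should be checked against the vendor advisory rather than marked safe.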

Blog by SecIQ Security Research Team