QID 730999
Date Published: 2023-12-06
QID 730999: Atlassian Confluence Data Center and Server Remote Code Execution (RCE) Vulnerability (CONFSERVER-93502)
Atlassian Confluence is team collaboration software written in Java.
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page
Affected version:
Confluence data center and server: 4.x.x,5.x.x,6.x.x,7.x.x,8.0.x,8.1.x,8.2.x,8.3.x,8.4.0,8.4.1,8.4.2,8.4.3,8.4.4,8.5.0,8.5.1,8.5.2,8.5.3
Confluence Data Center: 8.6.0,8.6.1
QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Confluence Server.
Successful remote code exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
Solution
Customers are advised to refer to CONFSERVER-93502 for updates pertaining to this vulnerability.
Workaround:
Security best practices, but not a workaround:
1. Back up your instance. (Instructions: https://confluence.atlassian.com/doc/production-backup-strategy-38797389.html)
2. Remove your instance from the internet until you can patch. Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch.
Workaround:
Security best practices, but not a workaround:
1. Back up your instance. (Instructions: https://confluence.atlassian.com/doc/production-backup-strategy-38797389.html)
2. Remove your instance from the internet until you can patch. Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch.
Vendor References
- CONFSERVER-93502 -
jira.atlassian.com/browse/CONFSERVER-93502
CVEs related to QID 730999
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CONFSERVER-93502 |
jira.atlassian.com/browse/CONFSERVER-93502 |