Confluence CVE-2024-21678 Impact and Mitigation Steps:

    • Severity: Atlassian classifies this vulnerability in Confluence Data Center and Confluence Server as “High.”
    • Versions Impacted: 7.13.0, 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 2.7.0
    • CVE Identifier: The specific vulnerability is tracked as Confluence CVE-2024-21678
    • CVSS Score: Atlassian assigned a CVSS score of 8.5 to this vulnerability, highlighting its severity. The score reflects the ability of an authenticated attacker to execute arbitrary HTML or JavaScript code in a victim’s browser.
    • Vulnerability Description: This vulnerability allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim’s browser. While it has a low impact on integrity and availability, it poses a high risk to confidentiality. Notably, exploitation of this vulnerability does not require any user interaction, making it particularly dangerous.
    • Atlassian has notified Confluence Data Center and Server customers of a high security vulnerability identified in Confluence Data Center version 2.7.0. This vulnerability, classified as a High severity Stored Cross-Site Scripting (XSS) issue, poses a significant threat to the security of affected systems.

Affected Versions:

    • Server

      Affected versions          | Fixed versions
      ---------------------------|------------------------------------------------------------
      from 8.5.0 to 8.5.4 LTS    | 8.5.5 LTS or 8.5.6 LTS recommended
      from 8.4.0 to 8.4.5        | 8.5.6 LTS recommended
      from 8.3.0 to 8.3.4        | 8.5.6 LTS recommended
      from 8.2.0 to 8.2.3        | 8.5.6 LTS recommended
      from 8.1.0 to 8.1.4        | 8.5.6 LTS recommended
      from 8.0.0 to 8.0.4        | 8.5.6 LTS recommended
      from 7.20.0 to 7.20.3      | 8.5.6 LTS recommended
      from 7.19.0 to 7.19.17 LTS | 8.5.6 LTS recommended or 7.19.18 LTS or 7.19.19 LTS
      from 7.18.0 to 7.18.3      | 8.5.6 LTS recommended or 7.19.19 LTS
      from 7.17.0 to 7.17.5      | 8.5.6 LTS recommended or 7.19.19 LTS
      Any earlier versions       | 8.5.6 LTS recommended or 7.19.19 LTS
    • Data Center

      Affected versions          | Fixed versions
      ---------------------------|------------------------------------------------------------
      from 8.7.0 to 8.7.1        | 8.8.0 recommended or 8.7.2
      from 8.6.0 to 8.6.1        | 8.8.0 recommended
      from 8.5.0 to 8.5.4 LTS    | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
      from 8.4.0 to 8.4.5        | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
      from 8.3.0 to 8.3.4        | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
      from 8.2.0 to 8.2.3        | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
      from 8.1.0 to 8.1.4        | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
      from 8.0.0 to 8.0.4        | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
      from 7.20.0 to 7.20.3      | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS
      from 7.19.0 to 7.19.17 LTS | 8.8.0 recommended or 8.5.6 LTS or 7.19.18 LTS or 7.19.19 LTS
      from 7.18.0 to 7.18.3      | 8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS
      from 7.17.0 to 7.17.5      | 8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS
      Any earlier versions       | 8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS
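As an added example that is not part of this advisory or of Atlassian's tooling, the two tables above encoded as data so a deployed version can be checked against them before planning the upgrade; the edition labels and function names are my own:

```python
# Added example: encodes the affected/fixed version tables from this advisory
# and checks a Confluence version against them. Not Atlassian's own tooling.
from typing import Optional

def parse(version: str) -> tuple:
    """'8.5.4 LTS' -> (8, 5, 4); labels such as 'LTS' are dropped and short
    versions are zero-padded so that '8.5' compares as 8.5.0."""
    parts = [int(p) for p in version.split()[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

# Rows: (lowest affected, highest affected, fixed versions), copied from the
# tables above. A None lower bound means "Any earlier versions" (below `high`).
SERVER = [
    ("8.5.0", "8.5.4", "8.5.5 LTS or 8.5.6 LTS recommended"),
    ("8.4.0", "8.4.5", "8.5.6 LTS recommended"),
    ("8.3.0", "8.3.4", "8.5.6 LTS recommended"),
    ("8.2.0", "8.2.3", "8.5.6 LTS recommended"),
    ("8.1.0", "8.1.4", "8.5.6 LTS recommended"),
    ("8.0.0", "8.0.4", "8.5.6 LTS recommended"),
    ("7.20.0", "7.20.3", "8.5.6 LTS recommended"),
    ("7.19.0", "7.19.17", "8.5.6 LTS recommended or 7.19.18 LTS or 7.19.19 LTS"),
    ("7.18.0", "7.18.3", "8.5.6 LTS recommended or 7.19.19 LTS"),
    ("7.17.0", "7.17.5", "8.5.6 LTS recommended or 7.19.19 LTS"),
    (None, "7.17.0", "8.5.6 LTS recommended or 7.19.19 LTS"),
]
DC_FIX = "8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS"
DATA_CENTER = [
    ("8.7.0", "8.7.1", "8.8.0 recommended or 8.7.2"),
    ("8.6.0", "8.6.1", "8.8.0 recommended"),
] + [(lo, hi, DC_FIX) for lo, hi in [("8.5.0", "8.5.4"), ("8.4.0", "8.4.5"),
     ("8.3.0", "8.3.4"), ("8.2.0", "8.2.3"), ("8.1.0", "8.1.4"),
     ("8.0.0", "8.0.4"), ("7.20.0", "7.20.3")]] + [
    ("7.19.0", "7.19.17", "8.8.0 recommended or 8.5.6 LTS or 7.19.18 LTS or 7.19.19 LTS"),
    ("7.18.0", "7.18.3", "8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS"),
    ("7.17.0", "7.17.5", "8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS"),
    (None, "7.17.0", "8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS"),
]
TABLES = {"Server": SERVER, "Data Center": DATA_CENTER}

def check(edition: str, version: str) -> Optional[str]:
    """Return the fixed versions to upgrade to if `version` is affected, else None."""
    v = parse(version)
    for low, high, fixed in TABLES[edition]:
        if low is None:              # "Any earlier versions" row
            if v < parse(high):
                return fixed
        elif parse(low) <= v <= parse(high):
            return fixed
    return None
```

Call `check("Data Center", "8.7.1")` with the edition and version from your instance's About page; a `None` result means the version is outside every affected range in the tables.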

Recommended Actions:

    • For Confluence Data Center customers, Atlassian strongly advises upgrading to the latest version to mitigate the risk posed by this vulnerability. If immediate upgrading is not feasible, customers should upgrade their instances to one of the supported fixed versions listed in the tables above, following the steps outlined below:

Standard Manual Upgrade Steps:

    • Notify users of outage for critical hotfixing
    • Stop services across all nodes
    • Backup existing database and shared home prior to upgrade
    • Make copies of the setenv.sh and server.xml found in the application install directories bin & conf (these hold critical settings we want to propagate again post upgrade)
    • Download the hotfix from the Atlassian archives
    • Apply the upgrade, do not auto-start services
    • Copy back the setenv.sh, server.xml, and any other customized files you had to copy during the upgrade process
    • Restart services and perform smoke testing once Confluence is available


Conclusion:

There is a cross-site scripting vulnerability and exposure for Confluence Data Center that was recently disclosed, Confluence CVE-2024-21678. It is essential to take immediate action to address this high-severity vulnerability. Failure to do so may expose your Confluence instance to exploitation by malicious actors. We urge all affected customers to prioritize upgrading to the recommended versions or applying the necessary fixes to ensure the security and integrity of their systems. For further assistance or inquiries, please reach out to Atlassian support.