CyberSecurityBoard
Sponsor Register Login

High-risk Atlassian Confluence RCE fixed, PoC available

If you're self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw for which a PoC and technical details are already public.
Confluence Server and Data Center are software solutions that are widely used in enterprise settings to manage knowledge bases, documentation, and standardize collaboration.
A PoC for CVE-2024-21683 can be found on GitHub and is based on a by security researcher Huong Kieu.
Vulnerabilities in Data Center and Confluence Server are regularly leveraged by attackers.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 03 Jun 2024 09:43:07 +0000


Cyber News related to High-risk Atlassian Confluence RCE fixed, PoC available

Atlassian warns of exploit for Confluence data wiping bug, get patching - Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper ...
11 months ago Bleepingcomputer.com
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks - Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. Described by Atlassian as an improper authorization vulnerability and tracked as ...
11 months ago Bleepingcomputer.com
Atlassian warns of 4 new critical vulnerabilities affecting Jira, Confluence, Bitbucket - Atlassian Jira, Confluence, Bitbucket and macOS Companion app users are warned to update their software immediately due to four critical vulnerabilities allowing for remote code execution. Atlassian, an Australian software company, has more than ...
10 months ago Packetstormsecurity.com
Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, ...
9 months ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances - Enterprise software maker Atlassian on Tuesday warned of a critical vulnerability in out-of-date Confluence Data Center and Server versions that could be exploited for remote code execution, without authentication. The issue, tracked as ...
9 months ago Securityweek.com
Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps - It's time to patch again: Four critical security vulnerabilities in Atlassian software open the door to remote code execution and subsequent lateral movement within enterprise environments. They are just the latest bugs to surface of late in the ...
11 months ago Darkreading.com
Atlassian Patches Critical Remote Code Execution Vulnerabilities - Business software maker Atlassian this week announced updates that address critical-severity remote code execution vulnerabilities in Confluence and other products. Atlassian, which rates the vulnerability with a CVSS score of 9.0, notes that an ...
11 months ago Securityweek.com
Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers - Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a ...
11 months ago Thehackernews.com
CVE-2023-22505 - This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. ...
1 year ago
Atlassian Confluence Server RCE attacks underway The Register - More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 - a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server - according to non-profit security org Shadowserver. Atlassian ...
9 months ago Go.theregister.com
CVE-2024-21672 - This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. ...
9 months ago
CVE-2024-21673 - This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. ...
9 months ago
CVE-2023-22526 - This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. ...
9 months ago
CVE-2023-22508 - This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an ...
10 months ago
Atlassian patches critical RCE flaws across multiple products - Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity ...
11 months ago Bleepingcomputer.com
CVE-2024-21674 - This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. ...
9 months ago
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
10 months ago Cyberdefensemagazine.com
Attacks begin on critical Atlassian Confluence vulnerability - Multiple cybersecurity organizations have observed exploitation attempts against a critical Atlassian Confluence vulnerability that was disclosed and patched last week. In a security advisory published on Jan. 16, Atlassian detailed a remote code ...
9 months ago Techtarget.com
CVE-2019-15006 - There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence ...
2 years ago
CVE-2024-21677 - This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which ...
7 months ago
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
9 months ago Techtarget.com
Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE - A max-critical unauthenticated remote code execution vulnerability is impacting Atlassian Confluence Data Center and Confluence Server, in all versions released before Dec. 5. Unpatched organizations should prepare to defend against everything from ...
9 months ago Darkreading.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
9 months ago Darkreading.com
High-risk Atlassian Confluence RCE fixed, PoC available - If you're self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw for which a PoC and technical details are already public. Confluence Server and Data ...
5 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)