CVE-2024-21678: High-Severity Atlassian Confluence XSS – Act Now
Atlassian has released a security update addressing CVE-2024-21678 (CVSS 8.5), a high-severity stored cross-site scripting (XSS) vulnerability impacting multiple Confluence Server and Data Center versions. Organizations using the affected software must prioritize immediate patching or upgrading.
This flaw "allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction."
Successful exploitation of this XSS flaw requires attacker authentication but carries significant consequences:
- Session Hijacking: Attackers could steal authentication credentials and session tokens, allowing them to escalate privileges and gain unauthorized access to sensitive Confluence data.
- Data Integrity Compromise: Malicious content can be injected, potentially defacing the Confluence instance, misdirecting users, and damaging trust in the platform.
- Lateral Movement: An XSS foothold can act as a springboard for further attacks within the organization’s network, potentially leading to data exfiltration or ransomware deployment.
CVE-2024-21678 was introduced in Confluence Data Center version 2.7.0. For Confluence Data Center, Atlassian advises upgrading to the most recent release; if that is not feasible, upgrade to one of the officially supported fixed versions listed below.
| Affected versions | Fixed versions |
|---|---|
| from 8.7.0 to 8.7.1 | 8.8.0 recommended or 8.7.2 |
| from 8.6.0 to 8.6.1 | 8.8.0 recommended |
| from 8.5.0 to 8.5.4 LTS | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS |
| from 8.4.0 to 8.4.5 | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS |
| from 8.3.0 to 8.3.4 | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS |
| from 8.2.0 to 8.2.3 | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS |
| from 8.1.0 to 8.1.4 | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS |
| from 8.0.0 to 8.0.4 | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS |
| from 7.20.0 to 7.20.3 | 8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS |
| from 7.19.0 to 7.19.17 LTS | 8.8.0 recommended or 8.5.6 LTS or 7.19.18 LTS or 7.19.19 LTS |
| from 7.18.0 to 7.18.3 | 8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS |
| from 7.17.0 to 7.17.5 | 8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS |
| Any earlier versions | 8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS |
Similarly, for Confluence Server customers, the recommendation is to upgrade to the newest release in the 8.5.x LTS series. If that is not possible, upgrade to one of the officially supported fixed versions listed below.
| Affected versions | Fixed versions |
|---|---|
| from 8.5.0 to 8.5.4 LTS | 8.5.5 LTS or 8.5.6 LTS recommended |
| from 8.4.0 to 8.4.5 | 8.5.6 LTS recommended |
| from 8.3.0 to 8.3.4 | 8.5.6 LTS recommended |
| from 8.2.0 to 8.2.3 | 8.5.6 LTS recommended |
| from 8.1.0 to 8.1.4 | 8.5.6 LTS recommended |
| from 8.0.0 to 8.0.4 | 8.5.6 LTS recommended |
| from 7.20.0 to 7.20.3 | 8.5.6 LTS recommended |
| from 7.19.0 to 7.19.17 LTS | 8.5.6 LTS recommended or 7.19.18 LTS or 7.19.19 LTS |
| from 7.18.0 to 7.18.3 | 8.5.6 LTS recommended or 7.19.19 LTS |
| from 7.17.0 to 7.17.5 | 8.5.6 LTS recommended or 7.19.19 LTS |
| Any earlier versions | 8.5.6 LTS recommended or 7.19.19 LTS |
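The two tables above (Data Center and Server) are what an inventory check has to be compared against. The following script is an added example, not Atlassian's code or a tool the advisory ships: it transcribes both tables into version ranges and reports which hosts in an inventory still run an affected release and which fixed versions apply. The version-string parsing (major.minor.patch with an optional "LTS" marker), the inventory layout and the hostnames are assumptions made for the example; the sample inventory is constructed.

```python
"""Triage Confluence hosts against the CVE-2024-21678 affected/fixed tables.

Added example, not Atlassian's code. Ranges are transcribed from the two tables
on this page; version parsing and the inventory format are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Turn '8.5.4' or '8.5.4 LTS' into a comparable (major, minor, patch) tuple."""
    core = text.strip().split()[0]          # discard a trailing 'LTS' marker
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


@dataclass(frozen=True)
class FixTable:
    # (lowest affected, highest affected, fixed-versions text); bounds inclusive
    rows: Tuple[Tuple[Version, Version, str], ...]
    # lowest version in an explicit row; anything below it falls under the
    # table's "Any earlier versions" line
    earliest_listed: Version
    earlier_fix: str


DC_FIX = "8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS"
DATA_CENTER = FixTable(
    rows=(
        ((8, 7, 0), (8, 7, 1), "8.8.0 recommended or 8.7.2"),
        ((8, 6, 0), (8, 6, 1), "8.8.0 recommended"),
        ((8, 5, 0), (8, 5, 4), DC_FIX),
        ((8, 4, 0), (8, 4, 5), DC_FIX),
        ((8, 3, 0), (8, 3, 4), DC_FIX),
        ((8, 2, 0), (8, 2, 3), DC_FIX),
        ((8, 1, 0), (8, 1, 4), DC_FIX),
        ((8, 0, 0), (8, 0, 4), DC_FIX),
        ((7, 20, 0), (7, 20, 3), DC_FIX),
        ((7, 19, 0), (7, 19, 17), "8.8.0 recommended or 8.5.6 LTS or 7.19.18 LTS or 7.19.19 LTS"),
        ((7, 18, 0), (7, 18, 3), "8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS"),
        ((7, 17, 0), (7, 17, 5), "8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS"),
    ),
    earliest_listed=(7, 17, 0),
    earlier_fix="8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS",
)

SRV_FIX = "8.5.6 LTS recommended"
SERVER = FixTable(
    rows=(
        ((8, 5, 0), (8, 5, 4), "8.5.5 LTS or 8.5.6 LTS recommended"),
        ((8, 4, 0), (8, 4, 5), SRV_FIX),
        ((8, 3, 0), (8, 3, 4), SRV_FIX),
        ((8, 2, 0), (8, 2, 3), SRV_FIX),
        ((8, 1, 0), (8, 1, 4), SRV_FIX),
        ((8, 0, 0), (8, 0, 4), SRV_FIX),
        ((7, 20, 0), (7, 20, 3), SRV_FIX),
        ((7, 19, 0), (7, 19, 17), "8.5.6 LTS recommended or 7.19.18 LTS or 7.19.19 LTS"),
        ((7, 18, 0), (7, 18, 3), "8.5.6 LTS recommended or 7.19.19 LTS"),
        ((7, 17, 0), (7, 17, 5), "8.5.6 LTS recommended or 7.19.19 LTS"),
    ),
    earliest_listed=(7, 17, 0),
    earlier_fix="8.5.6 LTS recommended or 7.19.19 LTS",
)

TABLES: Dict[str, FixTable] = {"datacenter": DATA_CENTER, "server": SERVER}


def check_version(version: str, edition: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fixed-versions text) for one host.

    A version inside an affected row, or below every listed row, is affected.
    A version in none of the rows (8.5.5 LTS, 8.7.2, 8.8.0, ...) is reported
    as not affected; the function reflects only what the tables state.
    """
    table = TABLES[edition]
    v = parse_version(version)
    for low, high, fix in table.rows:
        if low <= v <= high:
            return True, fix
    if v < table.earliest_listed:
        return True, table.earlier_fix
    return False, None


# Constructed sample inventory: hostnames and versions invented for the example.
SAMPLE_INVENTORY = [
    ("wiki-dc-01", "8.5.4 LTS", "datacenter"),
    ("wiki-dc-02", "8.8.0", "datacenter"),
    ("wiki-srv-01", "7.19.10", "server"),
    ("wiki-srv-02", "8.5.6 LTS", "server"),
]


def triage(inventory) -> List[Tuple[str, str, str]]:
    """List (host, running version, fixed versions) for every host still exposed."""
    exposed = []
    for host, version, edition in inventory:
        affected, fix = check_version(version, edition)
        if affected:
            exposed.append((host, version, fix))
    return exposed


if __name__ == "__main__":
    for host, version, fix in triage(SAMPLE_INVENTORY):
        print(f"{host}: {version} is affected by CVE-2024-21678; upgrade to {fix}")
```

Run it against your own host list in place of `SAMPLE_INVENTORY`. Because the Server table has no 8.6.x or 8.7.x rows, a Server host reporting such a version falls in no range and is returned as not affected, so treat an unexpected edition/version pairing as something to verify by hand rather than as a clean result.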
It is worth noting that Atlassian Confluence vulnerabilities are frequently exploited by threat actors, including nation-state-backed groups and ransomware operators looking for opportunistic targets.