CVE-2024-21677: High Severity Path Traversal Vulnerability in Confluence Data Center (v6.13.)

A high severity path traversal vulnerability has been identified in Confluence Data Centers, starting from version 6.13.. With a CVSS Score of 8.3, this security flaw allows an unauthenticated attacker to compromise the integrity, confidentiality, and availability of the affected system, assuming the attacker can successfully exploit the vulnerability with user interaction. In order to protect your systems, Atlassian strongly recommends upgrading to the latest version of Confluence Data Center or Confluence Server.

Vulnerable Code Snippet

The vulnerability lies in the path traversal function of the affected Confluence Data Center version. A sample code snippet is provided below:

public ActionResult openFile(String serverPath) {
  String localPath = Server.MapPath(serverPath);
  byte[] fileBytes = System.IO.File.ReadAllBytes(localPath); //Vulnerable
  return File(fileBytes, "application/octet-stream", localPath);
}

Exploit Details

An attacker can exploit this path traversal vulnerability by sending a specially crafted URL containing directory traversal sequences (e.g., ../), which allows the attacker to potentially access sensitive files or directories outside the designated web server folder.

Here's an example of an exploit URL

http://example.com/openFile?serverPath=../../../../etc/passwd

If the attacker successfully exploits this vulnerability, it could lead to unauthorized access to sensitive data, unauthorized modification, or even complete takeover of the affected system.

Original References

- Atlassian Confluence Release Notes: https://confluence.atlassian.com/doc/confluence-release-notes-327.html
- Confluence Data Center and Server Download Center: https://www.atlassian.com/software/confluence/download-archives

Mitigation

Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes for more information: https://confluence.atlassian.com/doc/confluence-release-notes-327.html

You can download the latest version of Confluence Data Center and Server from the download center: https://www.atlassian.com/software/confluence/download-archives

Acknowledgements

This vulnerability was reported via our Bug Bounty program. Atlassian would like to thank the researchers who identified and reported this issue, helping to keep Confluence users secure.

Conclusion

The CVE-2024-21677 high severity path traversal vulnerability in Confluence Data Center (v6.13.) puts the affected systems' integrity, confidentiality, and availability at risk. By upgrading to the latest version of Confluence Data Center or Confluence Server, you can ensure your system is protected against this security flaw.

Timeline

Published on: 03/19/2024 17:15:09 UTC
Last modified on: 03/20/2024 13:00:16 UTC