module
Atlassian Confluence Administrator Code Macro Remote Code Execution
| Disclosed | Created |
|---|---|
| May 21, 2024 | Jul 11, 2024 |
Disclosed
May 21, 2024
Created
Jul 11, 2024
Description
This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence,
tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating
tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will
authenticate, validate user privileges, extract the underlying host OS information, then trigger
remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions
up to 8.9.0.
tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating
tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will
authenticate, validate user privileges, extract the underlying host OS information, then trigger
remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions
up to 8.9.0.
Authors
Ankita Sawlani
Huong Kieu
W01fh4cker
remmons-r7
Huong Kieu
W01fh4cker
remmons-r7
Platform
Linux,Unix,Windows
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.