|
98721 | 98721 | "session_types": false, |
98722 | 98722 | "needs_cleanup": null |
98723 | 98723 | }, |
| 98724 | + "exploit_multi/http/atlassian_confluence_rce_cve_2024_21683": { |
| 98725 | + "name": "Atlassian Confluence Administrator Code Macro Remote Code Execution", |
| 98726 | + "fullname": "exploit/multi/http/atlassian_confluence_rce_cve_2024_21683", |
| 98727 | + "aliases": [ |
| 98728 | + |
| 98729 | + ], |
| 98730 | + "rank": 600, |
| 98731 | + "disclosure_date": "2024-05-21", |
| 98732 | + "type": "exploit", |
| 98733 | + "author": [ |
| 98734 | + "Ankita Sawlani", |
| 98735 | + "Huong Kieu", |
| 98736 | + "W01fh4cker", |
| 98737 | + "remmons-r7" |
| 98738 | + ], |
| 98739 | + "description": "This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence,\n tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating\n tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will\n authenticate, validate user privileges, extract the underlying host OS information, then trigger\n remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions\n up to 8.9.0.", |
| 98740 | + "references": [ |
| 98741 | + "CVE-2024-21683", |
| 98742 | + "URL-https://jira.atlassian.com/browse/CONFSERVER-95832", |
| 98743 | + "URL-https://realalphaman.substack.com/p/quick-note-about-cve-2024-21683-authenticated", |
| 98744 | + "URL-https://github.com/W01fh4cker/CVE-2024-21683-RCE" |
| 98745 | + ], |
| 98746 | + "platform": "Linux,Unix,Windows", |
| 98747 | + "arch": "cmd", |
| 98748 | + "rport": 8090, |
| 98749 | + "autofilter_ports": [ |
| 98750 | + 80, |
| 98751 | + 8080, |
| 98752 | + 443, |
| 98753 | + 8000, |
| 98754 | + 8888, |
| 98755 | + 8880, |
| 98756 | + 8008, |
| 98757 | + 3000, |
| 98758 | + 8443 |
| 98759 | + ], |
| 98760 | + "autofilter_services": [ |
| 98761 | + "http", |
| 98762 | + "https" |
| 98763 | + ], |
| 98764 | + "targets": [ |
| 98765 | + "Default" |
| 98766 | + ], |
| 98767 | + "mod_time": "2024-07-10 20:45:53 +0000", |
| 98768 | + "path": "/modules/exploits/multi/http/atlassian_confluence_rce_cve_2024_21683.rb", |
| 98769 | + "is_install_path": true, |
| 98770 | + "ref_name": "multi/http/atlassian_confluence_rce_cve_2024_21683", |
| 98771 | + "check": true, |
| 98772 | + "post_auth": true, |
| 98773 | + "default_credential": false, |
| 98774 | + "notes": { |
| 98775 | + "Stability": [ |
| 98776 | + "crash-safe" |
| 98777 | + ], |
| 98778 | + "Reliability": [ |
| 98779 | + "repeatable-session" |
| 98780 | + ], |
| 98781 | + "SideEffects": [ |
| 98782 | + "ioc-in-logs" |
| 98783 | + ] |
| 98784 | + }, |
| 98785 | + "session_types": false, |
| 98786 | + "needs_cleanup": null |
| 98787 | + }, |
98724 | 98788 | "exploit_multi/http/atlassian_confluence_unauth_backup": { |
98725 | 98789 | "name": "Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)", |
98726 | 98790 | "fullname": "exploit/multi/http/atlassian_confluence_unauth_backup", |
|
0 commit comments