SB2023112474 - Multiple vulnerabilities in Confluence Data Center and Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023112474

SB2023112474 - Multiple vulnerabilities in Confluence Data Center and Server

Published: November 24, 2023

Security Bulletin ID SB2023112474
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 50% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Code Injection (CVE-ID: CVE-2022-42890)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the application allows running Java classes via JavaScript. A remote user can use JavaScript to execute a Java class on the system and obtain its execution results.

Example:

Runtime.getRuntime().exec("xxx");


2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-40146)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of URLs in jar files. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.


3) Code Injection (CVE-ID: CVE-2022-41704)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure processing links to .jar files inside .svg images. A remote attacker can upload a malicious .svg image that contains links to .jar files and execute arbitrary Java code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Code injection example:

<script type="application/java-archive" xlink:href="file.jar"/>


4) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-42252)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers via an invalid Content-Length header.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks but requires Tomcat to be configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (not the default configuration).


Remediation

Install update from vendor's website.

References