Multiple Confluence plugins vulnerable to XSS exploits

Adam Bannister, 12 October 2020 at 13:00 UTC. Updated: 12 October 2020 at 13:57 UTC

Update ASAP if you use PlantUML, Refined, Linking, Countdown Timer, or Server Status extensions



UPDATED Stored cross-site scripting (XSS) vulnerabilities unearthed in a raft of Confluence plugins allow attackers to inject malicious JavaScript code into pages used within the corporate collaboration platform.


Organizations that use the five Confluence plugins in question – PlantUML, Refined, Linking, Countdown Timer, and Server Status – have been urged to update their systems with newly released versions.


Security researchers from SEC Consult have also advised organizations to perform “an in-depth security analysis” since “the plugins may be affected [by] further security issues”, according to a security advisory published by the cybersecurity consultancy.


Privileged positions


However, the flaws’ severity is somewhat limited by the fact that attackers need “a valid account with privileges to use/edit one of the vulnerable plugins on a Confluence page,” Roman Ferdigg and Daniel Teuchert of SEC Consult, who discovered the flaws, told The Daily Swig.


That said, “the victim does not necessarily need a valid account” in order for adversaries to target them, “if the payload is delivered via a public Confluence page.


“If the victim has a valid account and is currently logged into Confluence, an attacker can carry out different actions in the context of the victim and exfiltrate data from Confluence pages and spaces that the victim has access to,” the researchers explained.


But if “the victim is not logged in or doesn't have an account, the attacker can atta ..
