Low Summary
A remote attacker who can connect to the Hazelcast service, running on port 5801 (and potentially 5701), is able to execute arbitrary code on all the nodes in a Confluence Data Center through Java deserialization.
Vulnerability Details
Confluence Data Center uses the third-party software Hazelcast, which is vulnerable to Java deserialization attacks (CVE-2016-10750). Hazelcast provides functionality needed to run Confluence Data Center as a cluster. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted JoinRequest, resulting in arbitrary code execution.
The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
![[Atlassian Documentation] Page](https://confluence.atlassian.com/images/icons/favicon.png "[Atlassian Documentation] Page"){kind=icon}
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[CONFSERVER-79017] RCE in Confluence DataCenter via HazelCast(Confluence) Port
A fix for this issue is available in Confluence Server and Data Center 7.13.7.
Upgrade now or check out the [#https://confluence.atlassian.com/doc/confluence-release-notes-327.html] to see what other issues are resolved.
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 10.0 => Critical severity
Exploitability Metrics
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
Scope Metric
| Scope | Changed |
Impact Metrics
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Is there any workaround for this without upgrading confluence?