7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.026 Low
EPSS
Percentile
90.4%
h3. Vulnerability Details
Confluence Data Center uses the third-party software Hazelcast, which is vulnerable to Java deserialization attacks ([CVE-2016-10750|https://vulners.com/cve/CVE-2016-10750]). Hazelcast provides functionality needed to run Confluence Data Center as a cluster. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted {{{}JoinRequest{}}}, resulting in arbitrary code execution.
h3. Affected Versions
(i)Β Confluence Data Center instances that are not installed as a cluster are not affected.
(i) Confluence Server is not affected.
(i) Confluence Cloud is not affected.
Confluence Data Center is only affected when it is installed as a cluster. To verify whether a cluster installation is being used, check the {{confluence.cfg.xml}} file in the [Confluence home directory|https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html]. If the following line is present, it has been installed as a cluster:
{code:java}
<property name=βconfluence.clusterβ>true</property> {code}
If the line is not present or if the value is set to {{false}} instead of {{{}true{}}}, it has not been installed as a cluster.
The following versions are affected when clustering is enabled:
h3. Fixed Versions
The following versions contain fixes for this issue:
h3. Workaround
Restrict access to the Hazelcast port by using a firewall or other network access controls. The port only needs to be accessible by other nodes in the Confluence cluster. Confluence Data Center configures Hazelcast to [use both TCP ports 5701 and 5801 by default|https://confluence.atlassian.com/doc/set-up-a-confluence-data-center-cluster-982322030.html#SetupaConfluenceDataCentercluster-Security].
h3. Acknowledgements
We would like to acknowledge Benny Jacob (SnowyOwl) for reporting this vulnerability.
h3. References
For more information, please refer to [Atlassianβs security advisory|https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html].
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.026 Low
EPSS
Percentile
90.4%