Many modern software factories adopting Agile development methodologies also take on the tools of Atlassian such as Jira to managed their feature backlog and Confluence for documentation. A critical path traversal vulnerability has been discovered in the on-premises version of Confluence Server and Data Centre which will allow a remote user who has permission to upload a document to the Confluence workspace to execute arbitrary code on the server.
Confluence is a collaboration tool used by over 13,000 organisations around the world and the majority of users will have the necessary permission to upload documents, as this is the nature of the collaboration tool.
The vulnerability which was introduced in version 2.0.0 and affects all version except the newly released 6.6.13 or 6.12.4 or 6.13.4 or 6.14.3 or 6.15.2.
According to Atlassian:
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs, or to create a new space or personal space, or who has ‘Admin’ permissions for a space, can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.
The Atlassian Cloud (hosted) version of Confluence is not affected.
For organisation unable to immediately install the recommended patches, Atlassian details configuration changes that can be made to temporarily disable the upload functionality in its security advisory here