Major Atlassian Confluence vulnerability now under attack

Atlassian flaw is being abused, but the patch is available


A major Atlassian Confluence vulnerability, recently discovered in almost all versions of the collaboration tool published over the last decade, is now being actively exploited by threat actors, the company confirmed.

The vulnerability allows threat actors to mount unauthenticated remote code execution attacks against target endpoints. A day after its discovery, the company released patches for versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1.

Given that the flaw is being actively leveraged, the company has urged its users and customers to update the tool to the newest version immediately. It is being tracked as CVE-2022-26134, but does not yet have a severity score. Atlassian rated it as “critical”.


Limiting internet access

It was first discovered by security firm Volexity, which said attackers could insert a Java Server Page webshell into a publicly accessible web directory on a Confluence server.

Confluence’s web application process was also found to have been launching bash shells, something that “stood out”, Volexity said, as it spawned a bash process which triggered a Python process, spawning a bash shell.


Confluence users who are unable to apply the patch, for whatever reason, have a couple of additional mitigation options at their disposal, which revolve around limiting internet access for the tool. While the patch was in development, the company advised users to either restrict Confluence Server and Data Center instances’ access to the internet, or disable Confluence Server and Data Center instances entirely.

Atlassian also said companies could implement a Web Application Firewall (WAF) rule to block all URLs containing ${, as that “may reduce your risk”.
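As an added illustration (not Atlassian's rule and not code from the original article), the following Python sketch applies the "block URLs containing ${" check to request targets and shows why the match has to run on the percent-decoded URL. The function names, the bounded decoding depth and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote

MARKER = "${"            # the string the advisory says to block
MAX_DECODE_ROUNDS = 3    # assumption: bound on repeated percent-decoding

# Constructed access-log lines (Common Log Format); hosts and paths are made up.
SAMPLE_LOG = """\
203.0.113.10 - - [03/Jun/2022:10:01:02 +0000] "GET /display/ENG/Home HTTP/1.1" 200 5123
203.0.113.11 - - [03/Jun/2022:10:01:05 +0000] "GET /${EXPR}/ HTTP/1.1" 302 0
203.0.113.12 - - [03/Jun/2022:10:01:09 +0000] "GET /%24%7BEXPR%7D/ HTTP/1.1" 302 0
203.0.113.13 - - [03/Jun/2022:10:01:11 +0000] "GET /%2524%257BEXPR%257D/ HTTP/1.1" 404 0
203.0.113.14 - - [03/Jun/2022:10:01:15 +0000] "GET /pages/viewpage.action?pageId=42&price=%2420 HTTP/1.1" 200 880
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def fully_decoded(target):
    """Percent-decode until the value stops changing (bounded)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def should_block(target):
    """True if the request target contains ${ in raw or encoded form."""
    return MARKER in fully_decoded(target)


def flagged_requests(log_text):
    """Return (client_ip, request_target) for every log line the rule matches."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and should_block(match.group("target")):
            hits.append((line.split()[0], match.group("target")))
    return hits


if __name__ == "__main__":
    for ip, target in flagged_requests(SAMPLE_LOG):
        print(ip, target)
```

A rule that compares only the raw request line would pass the second and third flagged entries, while the `%2420` query value ("$20") is correctly left alone because a dollar sign without a following brace does not match.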


While the company did stress “current active exploitation” in its advisory, it did not detail who is using it, or against whom.

Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
