U.S. Cyber Command has warned firms utilizing Atlassian Confluence that “mass exploitation” of a lately disclosed vulnerability “is ongoing and anticipated to speed up.”
Confluence is a collaboration platform used to create inside data bases, handle initiatives, and unify different instruments. There are three variations of the platform: the Atlassian-managed Confluence Cloud, self-managed Confluence Server, and self-hosted Confluence Information Middle.
Atlassian disclosed a vulnerability (CVE-2021-26084) on Aug. 25 that “would enable an unauthenticated consumer to execute arbitrary code on a Confluence Server or Information Middle occasion.” (Confluence Cloud was stated to be unaffected by the safety flaw.)
Confluence’s web site claims that greater than 60,000 firms use the platform. Atlassian would not seem to supply a breakdown of what number of of these prospects use a selected model of the instrument, nevertheless, which makes it troublesome to estimate the attain of this vulnerability.
U.S. Cyber Command issued the next warning on Sep. 3:
Atlassian followed with an update to the security advisory for CVE-2021-26084 that warned Confluence users the vulnerability was being actively exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released a warning associated to the vulnerability.
“A distant attacker may exploit this vulnerability to take management of an affected system,” the company stated in a Sep. 3 advisory. “CISA urges customers and directors to overview Atlassian Safety Advisory 2021-08-25 and instantly apply the required updates.”
Atlassian’s safety advisory supplies an in depth record of affected variations of Confluence in addition to a brief mitigation for the difficulty that can be utilized if patches cannot instantly be put in.