On SeptemCensys identified 14,701 services that self-identified as a Confluence server. It should be noted that Confluence Cloud customers are not affected by this vulnerability.
Confluence versions upgrade#
For organizations that can’t immediately upgrade Confluence, Atlassian recommends that they download and run Windows and Linux scripts published by Atlassian as a temporary solution. Previous versions from version 7.12.5 to 7.12.0Ītlassian released versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0 to fix the bug and recommends upgrading to the latest version in the 7.13.x branch to take advantage of long-term support. Previous versions from version 7.11.6 to 7.5.0 With the previous version from version 7.4.11 to 6.14.0 How many servers are at risk?Īccording to Atlassian’s official description, versions impacted by CVE-2021-26084 in Confluence Server and Confluence Data Center are: These Magecart attacks exposed large numbers of credit card information and caused companies to pay millions of dollars in fines. This cybercrime syndicate injected card skimming codes to different JavaScripts used by large organizations such as Newegg and British Airways. An example of a threat actor creating this kind of third-party breach is the Magecart group. Organizations that then use the infected product of this third-party provider may inadvertently leak sensitive information to threat actors.
Confluence versions software#
Since Confluence servers are mainly used by software developers, a threat actor may find a way to inject malicious code through a company’s source code or JavaScript code. The Black Kite Research Team has obtained posts from these hacker forums and discovered that approximately 600 URLs of potentially vulnerable Confluence servers have been shared. Hackers are using open-source intelligence (OSINT) tools to find vulnerable Confluence products, sharing their findings with the hacker community on underground forums.
Confluence versions how to#
The vulnerability is classified as “critical” with a 9.8 (out of 10) CVSSv3 severity score.īecause Confluence is used globally by software developers and teams, and that attackers can execute codes remotely, threat actors and security researchers have already published multiple proof-of-concepts (PoCs) on how to exploit the vulnerability. It allows an unauthenticated attacker to execute remote code using the OGNL language, a simplified version of Java’s expression language. CVE-2021-26084 is a vulnerability in Confluence that is widely distributed. What is the CVE-2021-26084 Vulnerability?Ītlassian Confluence is a web-based team collaboration platform written in Java for managing workspaces and projects that organizations can run locally on their servers. Since then, we have seen widespread searches for active exploit attempts for vulnerable Confluence servers. Atlassian released an advisory to its customers on Augto fix the CVE-2021-26084 vulnerability in the enterprise Wiki tool Confluence.
0 kommentar(er)
