1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Major Atlassian Confluence vulnerability now under attack

    From TechnologyDaily@1337:1/100 to All on Mon Jun 6 15:00:04 2022
    Major Atlassian Confluence vulnerability now under attack

    Date:
    Mon, 06 Jun 2022 13:42:40 +0000

    Description:
    The flaw, which Atlassian describes as "critical", is being abused, but the patch is available

    FULL STORY ======================================================================

    A major Atlassian Confluence vulnerability recently discovered in almost all versions of the collaboration tool published over the last decade, is now being actively exploited by threat actors, the company confirmed.

    The vulnerability allows threat actors to mount unauthenticated remote code execution attacks against target endpoints . A day after its discovery, the company released patches for versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1.

    Given that the flaw is being actively leveraged, the company has urged its users and customers to update the tool to the newest version, immediately. It is being tracked as CVE-2022-26134, but does not yet have a severity score. Atlassian rated it as critical.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Limiting internet access

    It was first discovered by security firm Volexity, which said attackers could insert a Java Server Page webshell into a publicly accessible web directory
    on a Confluence server.

    Confluences web application process was also found to have been launching
    bash shells, something that stood out, Volexity said, as it spawned a bash process which triggered a Python process, spawning a bash shell. Read more

    Atlassian orders customers to cut internet access to Confluence after
    critical bug discovered


    Atlassian Confluence is under heavy attack


    Atlassian Confluence hacked to mine Monero

    Confluence users that are unable to apply the patch for whatever reason, have a couple of additional mitigation options at their disposal, which revolve around limiting internet access for the tool. While the patch was in development, the company advised users to either Restrict Confluence Server and Data Center instances access to the internet, or disable Confluence
    Server and Data Center instances entirely.

    Atlassian also said companies could implement a Web Application Firewall
    (WAF) rule to block all URLs containing ${, as that "may reduce your risk.

    While the company did stress current active exploitation in its advisory, it did not detail who is using it, or against whom. Protect your devices from software flaws with the best antivirus solutions around

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/major-atlassian-confluence-vulnerability-now-un der-attack/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)