
U.S. Cyber Command Warns Active Exploitation of Atlassian Confluence Vulnerability

The U.S. Cyber Command (USCYBERCOM) has warned organizations to patch the Atlassian Confluence vulnerability (CVE-2021-26084) immediately.


Organizations in the U.S. continue to sustain a series of exploits of unpatched vulnerabilities. The U.S. Cyber Command (USCYBERCOM) recently warned organizations to immediately patch the actively exploited critical Atlassian Confluence vulnerability, CVE-2021-26084.

“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already — this cannot wait until after the weekend,” USCYBERCOM said.

Atlassian Confluence Vulnerability

The CVE-2021-26084 vulnerability is an Object-Graph Navigation Language (OGNL) injection flaw that affects Atlassian Confluence Server and Confluence Data Center software installed on self-hosted Confluence project management platforms. The vulnerability enables an unauthenticated attacker to execute arbitrary code on Confluence Server or Data Center installations.

The vulnerability was discovered by Benny Jacob (SnowyOwl) in the Atlassian public bug bounty program.

Affected versions include:

  • version < 6.13.23
  • 6.14.0 ≤ version < 7.4.11
  • 7.5.0 ≤ version < 7.11.5
  • 7.12.0 ≤ version < 7.12.5

Atlassian Releases Patch

In a security advisory, Atlassian detailed the severity and impacts of the vulnerability. It said, “The vulnerability is being actively exploited in the wild. Affected servers should be patched immediately. The vulnerability is exploitable by unauthenticated users regardless of configuration.”

Atlassian recommended organizations identify vulnerable devices and update them to the latest Long Term Support release to avoid potential risks.

What the Experts Say…

The latest warning from the U.S. Cyber Command created a buzz in the cybersecurity community. Security experts from threat intelligence firm Bad Packets claimed they have identified mass exploit activity targeting vulnerable Atlassian Confluence servers across the U.S., Brazil, Hong Kong, China, Nepal, Romania, and Russia.

Also, security firm Censys said that it detected over 14,701 services that self-identified as a Confluence server. Of those, 13,596 ports and 12,876 individual IPv4 hosts are running an exploitable version of the software.