Atlassian urges its customers to immediately update their Confluence on-premise, Data Center and Server products due to a vulnerability. The vulnerability, called CVE-2021-26084 allows remote attackers to inject code and steal data, deploying malware and enabling them to view restricted resources via a Pre-Authorization Arbitrary File.
The vulnerability does not affect Confluence Cloud customers.
The US Cyber National Mission Force tweeted “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already”
The cyber intelligence firm Bad Packets said they "detected mass scanning and exploited activity from hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the US targeting Atlassian Confluence servers vulnerable to remote code execution."
Atlassian has disclosed patches for the vulnerabilities and recommends that users upgrade to the Long Term Support release.
Confluence Server and Data Center versions before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5 are affected by this vulnerability.
At DEMICON safety is a priority, therefore we made sure that our customer's environments were patched immediately.
If you need support upgrading and patching your Confluence instance, don't hesitate to contact us, our team of experts will find the best solution for your use case.