UPDATED 01:16 EST / APRIL 28 2017

INFRA

Atlassian’s Confluence patched following discovery of a serious security issue

Despite topping earning estimates in its latest quarter, enterprise collaboration software maker Atlassian Corp. Plc. is having a bad week. The company was forced to deal with a second serious security issue Thursday after it revealed Monday that its group chat platform HipChat had been hacked.

The latest problem comes from the company’s Confluence team collaboration software, which has been patched following the discovery of a vulnerability that allowed anyone to view any internal company blogs and pages hosted by the software. Labeled CVE-2017-7415, the vulnerability was rated with a high severity level and affects all Confluence versions from 6.0.0 onwards.

“The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication by providing a page id or draft ID,” Atlassian said on its security advisory site. “Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence provided that they first enumerate page or draft IDs.”

Atlassian advised users to update to version 6.1.0 if they can. If they can’t do so because the later version having more modern system software library requirements, they should immediately update to 6.0.7, which has also been updated to fix the vulnerability.

It’s not clear from the security advisory as to whether any hackers had obtained data using the vulnerability and a figure may never be forthcoming. Unlike HipChat, Confluence is available both as a hosted cloud service and as on-premises software. Known Confluence customers include NASA, Docker Inc., Deutsche Lufthansa AG, Twilio Inc. and Spotify AB, with more than 100 million pages said to be published using the software.

Photo: is0crazy/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU