

Despite topping earning estimates in its latest quarter, enterprise collaboration software maker Atlassian Corp. Plc. is having a bad week. The company was forced to deal with a second serious security issue Thursday after it revealed Monday that its group chat platform HipChat had been hacked.
The latest problem comes from the company’s Confluence team collaboration software, which has been patched following the discovery of a vulnerability that allowed anyone to view any internal company blogs and pages hosted by the software. Labeled CVE-2017-7415, the vulnerability was rated with a high severity level and affects all Confluence versions from 6.0.0 onwards.
“The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication by providing a page id or draft ID,” Atlassian said on its security advisory site. “Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence provided that they first enumerate page or draft IDs.”
Atlassian advised users to update to version 6.1.0 if they can. If they can’t do so because the later version has more modern system software library requirements, they should immediately update to 6.0.7, which has also been updated to fix the vulnerability.
It’s not clear from the security advisory whether any hackers obtained data using the vulnerability, and a figure may never be forthcoming. Unlike HipChat, Confluence is available both as a hosted cloud service and as on-premises software. Known Confluence customers include NASA, Docker Inc., Deutsche Lufthansa AG, Twilio Inc. and Spotify AB, with more than 100 million pages said to be published using the software.