SECURITY
The U.S. Cyber Command issued a warning Friday that mass exploitation of Atlassian Corp. PLC’s Confluence software is taking place and that users should patch their installations immediately.
The vulnerability, tracked as CVE-2021-26084, was disclosed by Atlassian on Aug. 25 and is described as allowing an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Confluence Data Center instance. Confluence Cloud customers are not affected.
The issue affects all versions of Confluence Server and Data Center from 4.x.x onward, including most 6.x.x and 7.x.x releases. The fixed releases are 6.13.23, 7.4.11, 7.11.6, 7.12.5 and 7.13.0; customers on one of those releases, or on a later release in the same branch, are not affected. Customers on a branch with no fixed release (for example 7.5.x through 7.10.x) have to move to one of the fixed releases, since there is no patch to apply in place.
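As an added example (not from the article, and not Atlassian's own tooling), the following Python helper turns the fixed-release list above into an exposure check for an inventory of Confluence versions. It assumes the standard reading of Atlassian's advisory: a release carries the fix when it is 7.13.0 or later, or when it is at or above the fixed release of its own minor branch (6.13.x, 7.4.x, 7.11.x, 7.12.x); everything else from 4.x.x on is treated as affected. The hostnames and versions in the sample inventory are constructed for illustration.

```python
"""Exposure check for CVE-2021-26084 from the fixed Confluence releases.

Fixed releases named by Atlassian: 6.13.23, 7.4.11, 7.11.6, 7.12.5, 7.13.0.
Assumed reading of the advisory (stated in the lead-in): a release is fixed
when it is 7.13.0 or later, or when it is at or above the fixed release of
its own minor branch. Anything else from 4.x.x onward is affected.
Confluence Cloud is out of scope.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed release per minor branch, from the advisory.
FIXED_IN_BRANCH: Dict[Tuple[int, int], Version] = {
    (6, 13): (6, 13, 23),
    (7, 4): (7, 4, 11),
    (7, 11): (7, 11, 6),
    (7, 12): (7, 12, 5),
}
# 7.13.0 and every later release carry the fix.
FIXED_FROM: Version = (7, 13, 0)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Turn '7.4.10', '7.13' or '7.12.5-suffix' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Confluence version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def assess(version_text: str) -> dict:
    """Verdict for one installed version, plus the release to upgrade to.

    For an affected version the target is the fix in its own branch when one
    exists, otherwise the lowest fixed release above the installed version.
    """
    v = parse_version(version_text)
    if v >= FIXED_FROM:
        return {"version": version_text, "affected": False, "fixed_release": fmt(FIXED_FROM)}
    branch_fix = FIXED_IN_BRANCH.get(v[:2])
    if branch_fix is not None and v >= branch_fix:
        return {"version": version_text, "affected": False, "fixed_release": fmt(branch_fix)}
    all_fixes = sorted(list(FIXED_IN_BRANCH.values()) + [FIXED_FROM])
    target = branch_fix or next(f for f in all_fixes if f > v)
    return {"version": version_text, "affected": True, "fixed_release": fmt(target)}


def affected_hosts(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """(host, version, upgrade_to) for every affected entry in an inventory."""
    out = []
    for host, version in inventory:
        verdict = assess(version)
        if verdict["affected"]:
            out.append((host, version, verdict["fixed_release"]))
    return out


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("wiki-prod-01", "7.13.1"),   # 7.13.x: fixed
    ("wiki-legacy", "6.13.22"),   # one below the 6.13 branch fix
    ("wiki-staging", "7.12.5"),   # exactly the 7.12 branch fix
    ("wiki-eu", "7.5.3"),         # branch with no fix: must jump to 7.11.6
]

if __name__ == "__main__":
    for host, version, target in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {version} is affected, upgrade to {target} or later")
```

The point worth noticing is the "wiki-eu" case: a 7.5.x instance has no same-branch fix, so the verdict steers the operator to 7.11.6 rather than implying a 7.5 patch exists. The version string is taken as reported by the instance; the check says nothing about whether the host is reachable or whether sign-up is enabled, so a "not affected" verdict still rests on the running build actually being the one recorded in the inventory.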
The flaw is an Object-Graph Navigation Language (OGNL) injection, discovered by security researcher Benny Jacob (SnowyOwl) through Atlassian's bug bounty program. OGNL is an open-source expression language for Java: an expression can read and write the properties of Java objects and call their methods, in a syntax simpler than Java's own. That power is what makes injection dangerous. If user-supplied input ends up inside an expression that the application evaluates, the attacker decides what the expression does, which is why an OGNL injection is rated as arbitrary code execution. Atlassian shipped the fix as new Confluence releases rather than as an update to the OGNL library, which points to the problem being in how Confluence passed user input into OGNL evaluation rather than in OGNL itself.
The vulnerability has a Common Vulnerability Scoring System score of 9.8 out of 10, rating it critical. According to the National Vulnerability Database, the vulnerable endpoints can be reached by a non-administrator user, or by an unauthenticated user if "Allow people to sign up to create their account" is enabled, so an instance with open sign-up is exposed to anyone who can reach it over the network. Turning that setting off narrows who can trigger the flaw but does not remove it; only upgrading to a fixed release does.
How widespread the attacks on Confluence are is still a matter of some speculation, but Bad Packets reported on Sept. 2 that it had detected mass scanning and exploitation activity. The activity was traced to hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the U.S.
Confluence was launched by Atlassian in 2004, offering web-based corporate wiki and collaboration tools for enterprises. Atlassian claims that the software has more than 60,000 customers. Notable users include HubSpot Inc., Audi AG, Twilio Inc., the National Aeronautics and Space Administration, LinkedIn, Docker Inc., Morningstar Inc., The New York Times Co. and GoPro Inc.
This isn't the first serious vulnerability in Confluence. In 2017, Atlassian released an urgent patch for a flaw that allowed anyone to view internal company blogs and pages, and in 2019 a critical vulnerability allowed an attacker to gain access to an instance and steal data.