UPDATED 22:59 EDT / SEPTEMBER 05 2021


US Cyber Command warns of active exploitation of Atlassian Confluence vulnerability

The U.S. Cyber Command issued a warning Friday that mass exploitation of Atlassian Corp. PLC’s Confluence software is taking place and that users should patch their installations immediately.

The vulnerability, formally named CVE-2021-26084, was revealed by Atlassian on Aug. 25 and was described as allowing an authenticated user to execute arbitrary code on a Confluence Server or Data Center instance. Confluence Cloud customers are not affected.

The issue affects all versions of Confluence starting at 4.x.x through most versions of 6.x.x and 7.x.x. Customers that have upgraded to versions 6.13.23, 7.11.6, 7.12.5, 7.13.0, or 7.4.11 are not affected.
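The fixed-version list above can be turned into an inventory check. This is an added example, not code from Atlassian or the original article. It assumes that a release line with no listed fix is affected and that 7.13.0 and everything later is fixed; the hostnames are constructed.

```python
# Added example: triage an inventory against the fixed releases in the article.
# Assumption: a release line with no listed fix is treated as affected.
FIXED_PATCH = {(6, 13): 23, (7, 4): 11, (7, 11): 6, (7, 12): 5}
FIRST_FIXED_LINE = (7, 13)  # 7.13.0 and later
FIRST_AFFECTED_MAJOR = 4    # article: affected "starting at 4.x.x"


def parse_version(text):
    """Parse 'major.minor[.patch]' into a 3-tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def classify(version):
    """Return 'fixed', 'affected' or 'not-covered' for a version string."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line >= FIRST_FIXED_LINE:
        return "fixed"
    if major < FIRST_AFFECTED_MAJOR:
        return "not-covered"  # the article says nothing about releases before 4.x
    if patch >= FIXED_PATCH.get(line, float("inf")):
        return "fixed"
    return "affected"  # includes 7.5.0: newer than 7.4.11, but no fix on its line


def triage(inventory):
    """Map host -> status; unparseable versions become 'unknown' for manual review."""
    results = {}
    for host, version in inventory:
        try:
            results[host] = classify(version)
        except ValueError:
            results[host] = "unknown"
    return results


INVENTORY = [  # constructed sample data, not real hosts
    ("wiki-a.example.internal", "6.13.22"), ("wiki-b.example.internal", "6.13.23"),
    ("wiki-c.example.internal", "7.5.0"), ("wiki-d.example.internal", "7.4.11"),
    ("wiki-e.example.internal", "7.13.0"), ("wiki-f.example.internal", "7.12.5-beta"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:26} {status}")
```

A plain "is it newer than the lowest fixed version" comparison would wrongly pass 7.5.0, which is why the check is done per release line.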

The Object-Graph Navigation Language injection vulnerability was discovered by a security researcher known as SnowyOwl (Benny Jacob) via the Atlassian bug bounty program. OGNL is an open-source expression language for Java that allows users to use simpler expressions than those supported by Java natively. It’s not known if the vulnerability is related to an issue with OGNL or a problem in the software introduced by Atlassian.

The vulnerability has been given a Common Vulnerability Scoring System score of 9.8, meaning it’s critical. According to the National Vulnerability Database, the vulnerable endpoints can be accessed by a nonadministrator user or unauthenticated user if “Allow people to sign up to create their account” is enabled.

How widespread the attacks targeting Confluence are is open to some speculation, but notably, Bad Packets posted Sept. 2 that it detected mass scanning and exploiting activity. The exploit activity was traced to hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the U.S.

Confluence was launched by Atlassian in 2004, offering web-based corporate wiki and collaboration tools for enterprises. Atlassian claims that the software has more than 60,000 customers. Notable users included HubSpot Inc., Audi AG, Twilio Inc., the National Aeronautics and Space Administration, LinkedIn, Docker Inc., Morningstar Inc., The New York Times Co. and GoPro Inc.

This isn’t the first time Confluence has had serious vulnerability issues. An urgent patch was released in 2017 following the discovery of a vulnerability that allowed anyone to view internal company blogs and pages. In 2019, a critical vulnerability allowed an attacker to gain access and steal data.
