
Atlassian recently released emergency patches for a highly critical zero-day vulnerability in its Confluence Data Center and Server software. Hackers have already exploited the vulnerability.

According to Atlassian, this zero-day vulnerability affects Confluence Data Center and Server instances. Hackers can use it to create unauthorized Confluence admin accounts and gain access to other Confluence instances.

Affected versions

Atlassian considers the vulnerability so critical that users should immediately update the affected software. The affected versions of Confluence Data Center and Confluence Server are 8.0 through 8.5.1.

Mitigation measures

Beyond patching, end users should take some additional measures. Atlassian recommends immediately disconnecting affected instances from the internet if they cannot be patched immediately. End users can also reduce attack vectors by restricting access to /setup/* endpoints on Confluence instances.

Furthermore, all Confluence users should check their instances for signs of a potential breach. Indicators include unexpected members in the Confluence admin group, unexpected newly created user accounts, requests for /setup/*.action in the network access logs, and the presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory.
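
The two log checks listed above, sketched as an added example (this is not Atlassian's tooling and not code from the original article). The access-log line format, the sample lines and all function names are assumptions; the security-log check is a plain substring match because the log's exact layout is not given here.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined-format access log line (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Any *.action directly under /setup/, with or without a context path in front.
SETUP_ACTION_RE = re.compile(r"/setup/[^/]*\.action$", re.IGNORECASE)
SECURITY_LOG_MARKER = "/setup/setupadministrator.action"


def normalized_path(target):
    """Drop query string, percent-decode, strip ;path-params, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r";[^/]*", "", path)
    return re.sub(r"/{2,}", "/", path)


def find_setup_requests(access_lines):
    """Return (line_no, method, raw_target, status) for each request to /setup/*.action."""
    hits = []
    for line_no, line in enumerate(access_lines, 1):
        m = REQUEST_RE.search(line)
        if m and SETUP_ACTION_RE.search(normalized_path(m["target"])):
            hits.append((line_no, m["method"], m["target"], int(m["status"])))
    return hits


def find_security_log_hits(security_lines):
    """Return (line_no, text) for security-log lines mentioning the setup administrator action."""
    return [(n, text.rstrip()) for n, text in enumerate(security_lines, 1)
            if SECURITY_LOG_MARKER in text.lower()]


# Constructed sample lines (not real logs; addresses are documentation ranges).
ACCESS_SAMPLE = [
    '203.0.113.7 - - [05/Oct/2023:10:01:02 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Oct/2023:10:01:09 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 812',
    '198.51.100.4 - - [05/Oct/2023:10:02:11 +0000] "GET /confluence//setup/%65xample.action;x=1?a=b HTTP/1.1" 302 0',
    '198.51.100.4 - - [05/Oct/2023:10:03:00 +0000] "GET /search.action?q=/setup/x.action HTTP/1.1" 200 900',
]
SECURITY_SAMPLE = [
    "2023-10-05 10:01:09,100 ERROR [exec-3] constructed exception text for /setup/setupadministrator.action",
    "2023-10-05 10:05:00,000 INFO [exec-4] constructed unrelated entry",
]

if __name__ == "__main__":
    for hit in find_setup_requests(ACCESS_SAMPLE) + find_security_log_hits(SECURITY_SAMPLE):
        print(hit)
```

A hit in either log is a reason to review the admin group and recently created accounts, not proof of compromise on its own; the response status in the access-log hit helps separate blocked requests from ones the instance served.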