Thousands of Confluence servers vulnerable to attack
Posted by: GuidePoint Security
Published 9/15/21, 9:00am
A recently discovered vulnerability in the Atlassian Confluence service (CVE-2021-26084; CVSS score of 9.8) is causing concern for security researchers. The flaw relates to an Object-Graph Navigation Language (OGNL) injection vulnerability that could be exploited to execute arbitrary code on Confluence Server and Data Center versions before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
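Because the affected ranges above are not contiguous (6.13.23 and later in the 6.13 line are fixed, for example, while 6.14.0 is affected again), a simple "less than 7.12.5" check gives the wrong answer. The following is an added example, not code from GuidePoint or Atlassian, that encodes the four ranges exactly as stated in the advisory and triages a constructed inventory of hostnames and reported Confluence versions:

```python
from typing import List, Tuple

Version = Tuple[int, ...]

# Affected ranges for CVE-2021-26084 as listed in the advisory text above.
# Each entry is (first affected version, first fixed version); the first
# entry covers everything before 6.13.23, so its lower bound is 0.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((0,),        (6, 13, 23)),   # before 6.13.23
    ((6, 14, 0),  (7, 4, 11)),    # 6.14.0 up to, not including, 7.4.11
    ((7, 5, 0),   (7, 11, 6)),    # 7.5.0 up to, not including, 7.11.6
    ((7, 12, 0),  (7, 12, 5)),    # 7.12.0 up to, not including, 7.12.5
]


def parse_version(text: str) -> Version:
    """Turn '7.4.10' into (7, 4, 10).

    A suffix after '-' (such as '-beta1') is dropped, and short versions are
    padded so that '7.4' compares like 7.4.0. Raises ValueError on junk.
    """
    core = text.strip().split("-", 1)[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(version_text: str) -> bool:
    """True if the given Confluence version falls in any affected range."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("wiki-legacy.example.internal", "6.13.22"),
    ("wiki-lts.example.internal", "7.4.10"),
    ("wiki-new.example.internal", "7.12.5"),
    ("wiki-dc.example.internal", "7.13.0"),
]


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hostnames whose reported version needs patching."""
    return [host for host, version in inventory if is_affected(version)]


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"PATCH NEEDED: {host}")
```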
Researchers tracking the bug note that the number of vulnerable Confluence servers was over 8,000 as of Sunday, September 5. Last week, the Jenkins Project—an open-source automation server that provides plugins to support project development—announced it had been attacked through the recently discovered Confluence bug. In this case, experts believe the Confluence exploit was used to install a Monero cryptominer in the container.
US Cyber Command and the US Cybersecurity and Infrastructure Security Agency (CISA) have both issued warnings about the risk of mass exploitation of the vulnerability.
Next Steps
Due to the high severity of this vulnerability and the fact that the bug is currently being exploited in the wild, Confluence recommends that affected systems be patched immediately. Additionally, users should upgrade to the latest long-term support release. Additional information can be found on the Confluence Security Advisory.