ACSC alerts on critical Atlassian Confluence bug

Threat actors scan the Internet for vulnerable instances.

The Australian government's cyber security centre has issued a high status alert to warn users of Atlassian's Confluence that the corporate wiki software contains a serious vulnerability that allows attackers to execute code remotely, with no authentication required.

Atlassian said the bug is an Object-Graph Navigation Language (OGNL) code injection vulnerability, affecting self-hosted Confluence Server and Data Center versions, but not the Cloud variant.

Proof-of-concept code has been published for the flaw, which was discovered by security researcher Benny Jacob.

ACSC and security researchers are warning that attackers are currently looking for, and attempting to exploit, vulnerable Confluence instances.

"Australian organisations who self-host Atlassian Confluence should identify any internet-facing instances of Confluence as a priority," ACSC said.

"Internal instances of Confluence should also be identified."

Confluence customers are advised to upgrade to versions 6.13.23, 7.11.6, 7.12.5, 7.13 or 7.4.11 in which the vulnerability is patched.
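As an added example (not from ACSC, Atlassian or the original article), the Python sketch below checks an inventory of self-hosted instances against the patched versions listed above and puts internet-facing hosts first, as ACSC advises. The hostnames and inventory rows are constructed sample data, and treating any release line without a listed fix as unpatched is an assumption.

```python
# Added example: triage a Confluence inventory against the fixed releases
# listed in the article. Inventory rows are constructed sample data.

# Fixed releases from the article, keyed by (major, minor) release line.
FIXED = {(6, 13): (6, 13, 23), (7, 4): (7, 4, 11),
         (7, 11): (7, 11, 6), (7, 12): (7, 12, 5)}
# Assumption: release lines from 7.13 onward all include the fix.
FIRST_FIXED_LINE = (7, 13)


def parse_version(text):
    """Turn '7.4.9' or '7.13' into a 3-tuple of ints, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_patched(version_text):
    """True only if the version is at or above the fix on its release line."""
    version = parse_version(version_text)
    line = version[:2]
    if line >= FIRST_FIXED_LINE:
        return True
    fixed = FIXED.get(line)
    # Assumption: a release line with no listed fix has no patched build.
    return fixed is not None and version >= fixed


def triage(inventory):
    """Return unpatched hosts, internet-facing first, as (host, version, exposed)."""
    todo = [(h, v, exposed) for h, v, exposed in inventory if not is_patched(v)]
    return sorted(todo, key=lambda row: (not row[2], row[0]))


# Constructed sample inventory: (hostname, reported version, internet-facing?)
SAMPLE = [
    ("wiki.example.internal", "7.12.4", False),
    ("docs.example.com", "7.4.10", True),
    ("kb.example.com", "7.13.0", True),
    ("legacy.example.internal", "6.13.23", False),
    ("team.example.com", "7.9.3", True),
]

if __name__ == "__main__":
    for host, version, exposed in triage(SAMPLE):
        scope = "internet-facing" if exposed else "internal"
        print(f"UPGRADE {host} {version} ({scope})")
```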

Copyright © iTnews.com.au. All rights reserved.