On May 31, 2022, Atlassian was notified of a new unauthenticated remote code execution vulnerability that affects all supported versions of Atlassian Confluence Server and Data Center products. The vulnerability has been classified as critical severity and is actively being exploited by malicious actors.
Who is affected?
Atlassian has confirmed that all supported versions of Confluence Server and Confluence Data Center are vulnerable. Atlassian believes that unsupported versions after 1.3.0 are also vulnerable, but they have not yet been tested.
Users of Confluence Cloud are not affected by the issue.
What is the risk?
Malicious actors can execute arbitrary code on a vulnerable Confluence instance without authenticating. In observed attacks they have used this to drop a web shell, a JSP page written into the web application, which lets them run operating system commands on the underlying server simply by requesting that page through the web server. With this access, attackers can exfiltrate any data stored on the system and pivot to other internal systems.
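The following is an added example of how a responder might triage Confluence access logs for the two behaviours described above; it is not TrustedSite's detection logic or anything published by Atlassian. It assumes Tomcat-style combined access log lines, an allowlist of JSP paths (the two entries here are hypothetical; a real baseline would be taken from a clean copy of the installed webapp), and the publicly documented exploitation pattern for this flaw (tracked as CVE-2022-26134, an identifier the page itself does not give): an OGNL expression `${...}`, usually URL-encoded, placed in the request path. The log lines are constructed for the example.

```python
"""Triage Confluence access logs for signs of exploitation and web shell use.

Added example, not the vendor's or TrustedSite's detection logic. Two signals:
1. An OGNL-style expression (`${...}`, often URL-encoded) in the request path,
   the public exploit pattern for this unauthenticated RCE (CVE-2022-26134).
2. A request for a .jsp resource that is not part of the known install,
   especially with a command-style query parameter (web shell interaction).
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format as written by Tomcat's AccessLogValve (assumption about
# the deployment; adjust the pattern if a reverse proxy writes the logs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Hypothetical baseline of JSP paths legitimately served by this install.
KNOWN_JSP = {"/setup/setupstart.jsp", "/login.jsp"}

# Query parameter names commonly used by simple command web shells.
SHELL_PARAMS = {"cmd", "command", "exec", "c"}


def decode_uri(uri):
    """Decode twice: attackers double-encode to slip past naive filters."""
    return unquote(unquote(uri))


def analyze_line(line):
    """Return a finding dict for a suspicious line, or None for a benign one."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line; a real pipeline would count these
    parts = urlsplit(decode_uri(m.group("uri")))
    findings = []
    if "${" in parts.path:
        findings.append("ognl_expression_in_path")
    if parts.path.lower().endswith(".jsp") and parts.path not in KNOWN_JSP:
        findings.append("unknown_jsp")
        if SHELL_PARAMS & set(parse_qs(parts.query)):
            findings.append("shell_command_param")
    if not findings:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "path": parts.path,
        "status": int(m.group("status")),
        "findings": findings,
    }


def triage(lines):
    """Run analyze_line over an iterable of log lines and keep the hits."""
    return [hit for hit in map(analyze_line, lines) if hit]


# Constructed sample log: one benign request, one exploitation attempt, one
# web shell command, one legitimate JSP request.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Jun/2022:10:15:01 +0000] "GET /login.action HTTP/1.1" 200 5123',
    '203.0.113.7 - - [02/Jun/2022:10:16:44 +0000] '
    '"GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29%7D/ HTTP/1.1" 302 0',
    '203.0.113.7 - - [02/Jun/2022:10:17:02 +0000] "GET /images/update.jsp?cmd=whoami HTTP/1.1" 200 87',
    '10.0.0.5 - - [02/Jun/2022:10:18:10 +0000] "GET /login.jsp HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["path"], ",".join(hit["findings"]))
```

Note that the exploitation request in the sample is answered with a 302, not an error: a successful injection typically produces a redirect or a normal-looking page, so filtering on status codes alone will miss it. The JSP allowlist is the piece most worth getting right; build it from a pristine copy of the installed version rather than from the running server, which may already contain the attacker's file.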
How do I protect my organization?
As of June 3, 2022, Atlassian has released fixed versions and recommends updating immediately to one of the fixed versions listed in the Confluence Security Advisory.
If you are unable to update immediately, Atlassian has provided temporary workarounds in the Confluence Security Advisory.
TrustedSite has added detections to identify affected products, and our security team is actively monitoring and alerting customers who may be affected.
If you have any questions, please reach out to us at firstname.lastname@example.org.