Patch Now: Atlassian Confluence Vulnerability (CVE-2021-26084) Advisory

Vulnerability

Share Blog Post

The US Cyber Command has issued an alert urging US organizations to patch a critical vulnerability (CVE-2021-26084) in the Confluence Atlassian that is being massively exploited. The security organization tweeted the alert urging organizations to immediately apply the latest updates issued by Confluence. The Cyber National Mission Force (CNMF) has noticed ongoing mass exploitation of the bug and is expecting the malicious activity to only accelerate.

What Confluence Server and Data Center Versions are affected by this vulnerability?

The vulnerability affects Confluence Server and Data Center versions before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

What versions are not affected by this vulnerability?

Customers who have upgraded to versions 6.13.23, 7.11.6, 7.12.5, 7.13.0, or 7.4.11 are not affected.

Are Confluence Cloud customers affected by this vulnerability?

No, Confluence Cloud customers are not affected.

How can a malicious actor exploit this vulnerability?

The OGNL injection vulnerability allows an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.

How can the vulnerability be mitigated?

The advisory released by Atlassian lists down the following mitigation steps

If you are running an affected version upgrade to version 7.13.0 (LTS) or higher.
If you are running 6.13.x versions and cannot upgrade to 7.13.0 (LTS) then upgrade to version 6.13.23.
If you are running 7.4.x versions and cannot upgrade to 7.13.0 (LTS) then upgrade to version 7.4.11.
If you are running 7.11.x versions and cannot upgrade to 7.13.0 (LTS) then upgrade to version 7.11.6.
If you are running 7.12.x versions and cannot upgrade to 7.13.0 (LTS) then upgrade to version 7.12.5.

Is there a workaround available for those who are unable to upgrade the Confluence version?

Yes, Atlassian has disclosed a temporary workaround for those who are unable to upgrade to secure versions. The bug can be mitigated by running a script for the Operating System that Confluence is hosted on. Atlassian has shared the script in its security advisory.

Resources

Atlassian Confluence Security Advisory

CISA Advisory

US Cybercommand Alert

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

Cyber Fusion Center

Intel Exchange

Intel Exchange Lite

Collaborate

Respond

Orchestrate

Threat Intelligence Ecosystem

Solutions for ISACs, ISAOs, and CERTs

Solutions for ISAC, ISAO, and CERT Members

Intel Exchange Spoke

Cyware Browser Extension

Partners & Integrations

Channel Partners

MSSPs

Technology Alliances

Open APIs

MISP

Register a Deal

CywareOne Login

Resources Library

Resource Library

Cyware Labs: Research & Threat Briefings

Security Guides

Free Threat Intel Feeds

Webinars & Videos

Community Resources

Cyware Academy

Contact Us

Leadership

Careers

Cyware in the News

Press Releases

Compliance

Patch Now: Atlassian Confluence Vulnerability (CVE-2021-26084) Advisory

Share Blog Post

Tags

More from Cyware

The Virtual Cyber Fusion Suite

Explore Solutions

Capabilities

Resource Library

Use Cases