skout-blog

Cybersecurity Threat Advisory 0060-21: Atlassian Confluence Critical Vulnerability

Threat Update

The Australian company Atlassian’s public bug bounty program has discovered a critical vulnerability in Confluence, a corporate web-based wiki developed by Atlassian. Confluence is used and trusted by companies worldwide to host internal Wiki sites that employees can use to access different information and data within their organization. Altassian announced that they have patched the vulnerability, which was discovered by Benny Jacob through the Atlassian public bug bounty program. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on infection Confluence Server and Data Centers. SKOUT recommends ensuring that all confluence instances be updated to their latest versions, to allow for security patches to be implemented.

Technical Detail & Additional Information

WHAT IS THE THREAT?

CVE-2021-26084 – OGNL Remote Code Execution Vulnerability:

This vulnerability exists in multiple confluence versions (listed below) and has been pathed. An attacker could potentially use this to execute arbitrary code, which would enable them to perform malicious activity on vulnerable instances.

WHY IS IT NOTEWORTHY?

Thousands of businesses use and trust Confluence to store company information, which could be sensitive. Since this service is so widely used, there is a wide scope of potential targets that attackers could exploit these vulnerabilities for. Attackers look out for these types of vulnerabilities and look to exploit them, so it is crucial to keep services updated regularly to allow for patches to be applied accordingly.

WHAT IS THE EXPOSURE OR RISK?

This vulnerability could potentially allow attackers to execute arbitrary code. The execution of arbitrary code could lead to several possible compromises, which could result in severe data leakage or denial of service for companies who use confluence to store large amounts of information. In many cases, IT users who could have high end admin access will rely on virtual machines for different parts of their job. If an instance is compromised, attackers could gain access to sensitive information and even create/delete files. Many companies rely on Confluence remaining private and being able to use it to conduct everyday business. These vulnerabilities put these expectations at potential risk if they are exploited by attackers, so it is very important to ensure that the affected versions are updated so the patches can be applied.

WHAT ARE THE RECOMMENDATIONS?

Altassian has released patches for these vulnerabilities. They say they affect the following Confluence versions:

  • Any versions of Confluence prior to version 6.13.23
  • All Confluence versions from v. 6.14.0 up and before version 7.4.11
  • Version 7.5.0 ≤ version < 7.11.5
  • Version 7.12.0 ≤ version < 7.12.5

And users should update to the patched versions below.

  • 6.13.23
  • 7.4.11
  • 7.11.6
  • 7.12.5
  • 7.13.0

SKOUT recommends immediately updating any devices running those versions to allow for the proper patches to be applied.

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.