Remote code execution vulnerability present in certain versions of Atlassian Confluence

Australian Cyber Security Centre

Background / What has happened?

A vulnerability (CVE-2021-26084) has been identified in certain self-hosted versions of Atlassian Confluence. It can allow a remote malicious cyber actor to execute arbitrary code, which could enable the actor to gain full control of a vulnerable server. Atlassian has identified that in some instances this vulnerability can be exploited by an unauthenticated user. The ACSC is aware of scanning and attempted exploitation of this vulnerability.

Atlassian has identified that this vulnerability does not affect Confluence Cloud customers.
