07/09/2021

Active exploitation of Confluence vulnerability (CVE-2021-26084)

On August 25, 2021, Atlassian disclosed a critical remote code execution vulnerability (CVE-2021-26084) that affects multiple versions of Confluence Server and Data Center. Several proof-of-concept (PoC) exploits have been published, and the flaw is under active exploitation as of this publication.

Exploitation of this vulnerability enables remote threat actors to bypass authentication and execute arbitrary code, potentially resulting in system takeover. Confluence Cloud customers are not impacted. Atlassian released Confluence Server and Data Center versions 6.13.23, 7.11.6, 7.12.5, 7.13.0, and 7.4.11 to address this issue.

Recommended actions:

Our Security Partner recommends that customers immediately upgrade vulnerable Confluence Server or Data Center instances to a patched version as appropriate. The Atlassian advisory describes temporary workarounds for Linux and Windows operating systems if upgrading immediately is not feasible.
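To help decide which instances need the upgrade, the following added example (not part of the Atlassian advisory or of any emPSN tooling) checks an installed version against the fixed releases listed above, comparing within the same release branch so that, for example, 7.5.x is not mistaken for patched just because it is numerically higher than 7.4.11. It assumes that branches below 7.13 with no listed fix are unpatched and that branches from 7.13 onward carry the fix; the hostnames and inventory are constructed.

```python
import re

# Fixed releases listed in this advisory, keyed by (major, minor) branch.
FIXED = {(6, 13): 23, (7, 4): 11, (7, 11): 6, (7, 12): 5, (7, 13): 0}
# Assumption: every branch from 7.13 onward carries the fix.
FIRST_FIXED_BRANCH = (7, 13)


def parse_version(text):
    """Return (major, minor, patch) from strings such as '7.4.10' or '7.12'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_patched(version):
    """True if the version is at or above the fixed release for its own branch."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return patch >= FIXED[branch]
    # Assumption: a branch with no listed fix is patched only if newer than 7.13.
    return branch > FIRST_FIXED_BRANCH


def triage(inventory):
    """Map each hostname to 'patched', 'UPGRADE' or 'unknown version'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "patched" if is_patched(version) else "UPGRADE"
        except ValueError:
            # An unparseable version needs a manual check, not a silent pass.
            result[host] = "unknown version"
    return result


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames are hypothetical.
    sample = {"wiki-a": "7.4.10", "wiki-b": "7.4.11", "wiki-c": "7.5.2",
              "wiki-d": "6.13.23", "wiki-e": "7.13.0", "wiki-f": "n/a"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Any host reported as "unknown version" should be checked by hand rather than assumed safe.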

Questions:

If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk

References:

https://us-cert.cisa.gov/ncas/current-activity/2021/09/03/atlassian-releases-security-updates-confluence-server-and-data
https://www.zdnet.com/article/us-cybercom-says-mass-exploitation-of-atlassian-confluence-vulnerability-ongoing-and-expected-to-accelerate/
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://www.atlassian.com/software/confluence/download-archives
https://jira.atlassian.com/browse/CONFSERVER-67940
https://nvd.nist.gov/vuln/detail/CVE-2021-26084
https://therecord.media/confluence-enterprise-servers-targeted-with-recent-vulnerability/
https://searchsecurity.techtarget.com/news/252506129/Atlassian-Confluence-flaw-under-active-attack
https://www.exploit-db.com/exploits/50243
https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
https://github.com/alt3kx/CVE-2021-26084_PoC
