A brief message for administrators of Confluence Enterprise servers: there is a critical vulnerability in this collaboration product that is being exploited. Security researchers are currently detecting mass scans on the Internet for servers with the vulnerability in question. Here is some information about the issue.
Confluence is commercial wiki software developed by the Australian company Atlassian. It is used mainly as an enterprise wiki for documentation, communication and knowledge sharing in companies and organizations, but is also increasingly used as a basis for public wikis on the Internet.
Yesterday, Catalin Cimpanu already pointed out a serious vulnerability in this software in the above tweet as well as in this article. The vulnerability, CVE-2021-26084, affects the Confluence Server and Confluence Data Center software, which is usually installed on the Confluence self-hosted project management, wiki and team collaboration platforms.
Security updates to close the vulnerability were released on August 25, 2021. A week later, Internet-wide scans for vulnerable servers began. There is further confirmation of the mass scans in this tweet.