<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

Confluence Data Center Vulnerability Alert | January 2024

Confluence Data Center Vulnerability Overview

 

Background Information

Confluence issued a security advisory for a critical vulnerability impacting Confluence Data Center & Server, which is commonly used for collaboration and development. Note that the vulnerability does not impact Atlassian-hosted SaaS applications. Atlassian warns that customers running out-of-date versions are vulnerable to exploitation, including remote code execution by attackers. We recommend your organization immediately update to the latest version.

Impact of the Vulnerability

This vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 as well as 8.4.5, which no longer receives backported fixes in accordance with Atlassian’s Security Bug Fix Policy.

Affected versions:

  • 8.0.x
  • 8.1.x
  • 8.2.x
  • 8.3.x
  • 8.4.x
  • 8.5.0-8.5.3

Corvus has observed similar vulnerabilities lead to data theft and ransomware attacks. There are no known workarounds for this vulnerability. To remediate, update each affected product installation to the latest version.

Note: Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Next Steps for Confluence Customers:

We encourage your organization to take the following steps to mitigate against potential attack:

  1. Update to the latest fixed version: 
    • Confluence Data Center and Server
      • Fixed Versions: 8.5.4 (LTS)

      • Latest Versions: 8.5.5 (LTS)

    • Confluence Data Center and Server
      • Fixed Versions: 8.6.0 (Data Center Only), 8.7.1 (Data Center Only)

      • Latest Versions: 8.7.2 (Data Center Only)

Recent Articles

Q3 Cyber Threat Report: The Ransomware Ecosystem is Increasingly Distributed


Ransomware attacks remained high in Q3 2024 thanks to the RansomHub, PLAY, and LockBit 3.0 ransomware gangs. Check out the full cyber report for more info.

Q2 Cyber Threat Report: Ransomware Season Arrives Early


In this report, our threat intel team highlights our critical cyber threat and ransomware findings from Q2 2024 and what it means for the threat landscape.

Global IT Meltdown: CrowdStrike Software Update Causes Broad Outages


On July 19, 2024, the world woke up to a massive IT outage caused by cybersecurity firm CrowdStrike that affected numerous industries across the globe.