
Critical Atlassian Confluence vulnerability sparks relentless attacks


A recent article from TechTarget Security highlights the rise in exploitation attempts against a critical vulnerability in Atlassian Confluence. The vulnerability, which allows for remote code execution (RCE), was disclosed and patched last week. The flaw affects Atlassian Confluence Data Center and Confluence Server versions between 8.0.x and 8.5.3, and received the highest CVSS score of 10 out of 10.

Multiple cybersecurity organizations, including the Shadowserver Foundation, have reported scans and exploitation attempts targeting vulnerable instances of Atlassian Confluence. The organizations have observed thousands of vulnerable instances, with scanning activity originating from Europe, North America, and Asia. However, some cybersecurity vendors have reported that the attempts have been ineffective so far. The SANS Technology Institute’s Internet Storm Center also detected exploitation activity, which has increased since the release of a proof-of-concept exploit. The institute’s research dean, Johannes Ullrich, advised users to patch the flaw immediately and assume that unpatched systems have been compromised.

While the recent exploitation attempts indicate a rise in attacks on Atlassian Confluence Data Center and Confluence Server, it is important to note that the vulnerability does not affect Atlassian Cloud sites, limiting the scope of potential high-value targets. Atlassian declined to provide further information on the exploitation activity but emphasized the importance of patching and confirmed that the issue was corrected in a previous release.
