Atlassian addresses a critical vulnerability in Confluence, releasing a patch

Unauthorized Access: Potential for Hackers to Gain Control Over Targeted Devices Without the Need for Authentication

Atlassian addresses a significant issue with Confluence, deploying a patch for an unforeseen vulnerability.

In a recent development, cybersecurity firm Volexity discovered, over the Memorial Day weekend, a zero-day vulnerability in Confluence, a digital team workspace used by over 75,000 customers. The vulnerability, now identified as CVE-2022-26134, has been actively exploited and allows an attacker to take control of an affected device without authentication.

Researchers from Volexity alerted Atlassian to the vulnerability on May 31, and less than a month later the company issued a warning. On Friday, Atlassian released a security update for Confluence Server and Data Center to address this critical issue.

However, the majority of Confluence users appear to use the Cloud version, which was not affected by the vulnerability. Consequently, Atlassian has less visibility into compromised on-premise systems, and so far only a few companies have been alerted that they were exploited. Atlassian has notified the impacted customers, and the company's support team is working with them to implement the patch.

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog regarding the Confluence vulnerability. Eric Goldstein, executive assistant director for cybersecurity at CISA, has advised affected customers to immediately implement Atlassian's guidance to protect their systems. Organisations should also contact CISA about any potential intrusion related to the Confluence vulnerability.

It's worth noting that this is not the first time Confluence has been the subject of a vulnerability: last August the application was affected by a different flaw. Federal agencies were earlier required to disconnect their systems due to the vulnerability.

In light of these developments, it's crucial for organisations using the on-premise version of Confluence to apply the security update as soon as possible to mitigate potential risks.
