Skip to main content

Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild

posted onJune 5, 2022
by l33tdawg
Security Affairs
Credit: Security Affairs

“Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Further details about the vulnerability are being withheld until a fix is available.” reads the advisory published by the company.

The issue was reported by security firm Volexity, the company announced the availability of the security fixes for supported versions of Confluence within 24 hours (estimated time, by EOD June 3 PDT).

Volexity researchers discovered the issue as part of an investigation into an attack that took over the Memorial Day weekend. The attackers targeted two Internet-facing web servers that were running Atlassian Confluence Server software. Volexity determined that threat actors launched an exploit to achieve remote code execution, they triggered a zero-day vulnerability that impacted fully up-to-date versions of Confluence Server.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th