Atlassian’s wiki software Confluence Server and Data Center are vulnerable – and that is exactly what attackers are currently exploiting. According to observations by security researchers, attackers scan for systems, attack them and try to install a crypto Trojan.
Attacks on Linux and Windows servers
The security vulnerability (CVE-2021-26084), classified as “critical”, is located in Confluence Server Webwork OGNL. Not much is known about possible attack scenarios. Attackers must be authenticated for successful attacks. In some cases, however, attacks are said to be possible without authentication.
Now, among others, security researchers from Bad Packets are warning on Twitter of attacks on Linux and Windows servers running vulnerable Confluence versions. After a successful attack, the crypto miner XMRig, for example, is said to end up on systems and use up their computing power for mining cryptocurrency.
If not a patch, then a workaround
But it doesn’t have to stop there: attackers could also leave backdoors or spying Trojans on servers. They could also compromise entire networks and, for example, copy internal business information. Admins should quickly install one of the secured versions 6.13.23, 7.4.11, 7.11.6, 7.12.5 or 7.13.0. All younger versions are said to be vulnerable. Atlassian advises admins to install Long-Term Support Release 7.13.0 (LTS). A post explains how to upgrade.
If admins are currently unable to install a security update, they should temporarily secure Confluence Server using a script for Linux or Windows (to be found under Mitigation).