Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released.
Atlassian Confluence is a very popular web-based corporate team workspace that allows employees to collaborate on projects.
On August 25th, Atlassian issued a security advisory for a Confluence remote code execution (RCE) vulnerability tracked as CVE-2021-26084, allowing an unauthenticated attacker to remotely execute commands on a vulnerable server.
An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance, explains Atlassian’s CVE-2021-26084 advisory.
All versions of Confluence Server and Data Center prior to the fixed versions listed above are affected by this vulnerability.
Atlassian has released patches for the vulnerabilities and recommends that users upgrade to the Long Term Support release.