Atlassian issues security alert to users of its Confluence software

3 Jun 2022

Image: © MichaelVi/Stock.adobe.com

Confluence Server and Data Center have been targeted by a cyberattack that exploits a flaw that allows attackers to execute code remotely.

Atlassian has issued a critical security warning to users of its Confluence collaboration tool after being alerted of an ongoing cyberattack that is exploiting a flaw in the software.

Issued yesterday (2 June), the advisory states that the attack has affected “all supported versions” of Confluence Server and Data Center, two Atlassian products aimed at software development teams and enterprises to collaborate with each other.

While there are currently no fixed versions of Confluence Server and Data Center available, Atlassian urged customers to work with security teams to “consider the best course of action”, including restricting the software products’ access to the internet or disabling them. Both of these options can potentially cause significant disruption for remote workers using the tool.

Confluence is an online platform where people can work from a series of documents shared in the cloud. It is one of Atlassian’s many products, which include popular collaboration tools Trello and Jira.

“Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server,” the company wrote on its website.

This means that an unauthenticated remote attacker could exploit this vulnerability to execute code remotely, causing potential harm to enterprise systems.

“Further details about the vulnerability are being withheld until a fix is available.”

The company said it expects security fixes for supported versions of Confluence will begin to be available for customer download by the end of the day, PDT (3 June).

Atlassian, which primarily develops products for software developers, project managers and other small teams, rated the cyberattack as “critical” – its highest security threat level rating.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued its own advisory to users of the software.

“CISA urges organisations with affected Atlassian’s Confluence Server and Data Center products to block all internet traffic to and from those devices until an update is available and successfully applied.”

Updated, 11.15am, 3 June 2022: This article was updated to add the time Atlassian expects security fixes to be available. 

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com