U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw


5th September 2021, Kathmandu

The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system.

“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate,” the Cyber National Mission Force (CNMF) said in a tweet. The warning was also echoed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and by Atlassian itself in a series of independent advisories.

Bad Packets noted on Twitter that it “detected mass scanning and exploit activity from hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the U.S. targeting Atlassian Confluence servers vulnerable to remote code execution.”

Atlassian Confluence is a widely used web-based documentation platform that lets teams create, collaborate on, and organize different projects, offering a common place to share information in corporate environments. It counts several major companies, including Audi, Docker, GoPro, Hubspot, LinkedIn, Morningstar, NASA, The New York Times, and Twilio, among its customers.

The development comes days after the Australian company rolled out security updates on August 25 for an OGNL (Object-Graph Navigation Language) injection flaw that, in specific instances, could be exploited to execute arbitrary code on a Confluence Server or Data Center instance.

Put differently, an adversary can leverage this weakness to execute any command with the same permissions as the user running the service and, worse, abuse that access to gain elevated administrative privileges and stage further attacks against the host using unpatched local vulnerabilities.

The flaw, which has been assigned the identifier CVE-2021-26084 and carries a severity rating of 9.8 out of 10 on the CVSS scale, affects all versions before 6.13.23, versions from 6.14.0 before 7.4.11, versions from 7.5.0 before 7.11.6, and versions from 7.12.0 before 7.12.5.

The issue has been addressed in the following versions:

  • 6.13.23
  • 7.4.11
  • 7.11.6
  • 7.12.5
  • 7.13.0
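The affected ranges above are easy to misread when triaging a fleet by hand, because each stream has its own fix release and a version such as 6.14.x must move forward to 7.4.11 rather than to a 6.14 patch. The following script, an added example and not Atlassian's own tooling, encodes the advisory's ranges, decides whether a given Confluence version string is affected, names the nearest fixed release, and runs that check over a small constructed inventory of `host,version` lines. The inventory format and the host names are assumptions for the example.

```python
"""Version triage for CVE-2021-26084 (Confluence Server / Data Center).

Added example: encodes the affected ranges from Atlassian's advisory
(all < 6.13.23, 6.14.0 <= v < 7.4.11, 7.5.0 <= v < 7.11.6,
7.12.0 <= v < 7.12.5) and the fixed releases, then triages an inventory.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# (inclusive lower bound, exclusive upper bound); None means "every version below".
AFFECTED_RANGES = [
    (None, (6, 13, 23)),
    ((6, 14, 0), (7, 4, 11)),
    ((7, 5, 0), (7, 11, 6)),
    ((7, 12, 0), (7, 12, 5)),
]

# First fixed release per stream, as listed in the advisory.
FIXED_VERSIONS = [(6, 13, 23), (7, 4, 11), (7, 11, 6), (7, 12, 5), (7, 13, 0)]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a tuple of ints.

    A trailing qualifier after '-' (e.g. '7.4.11-ubuntu') is dropped; missing
    components are padded with zeros so '7.12' compares as 7.12.0.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric version: {text!r}")
    version = tuple(int(p) for p in parts)
    if len(version) < 3:
        version = version + (0,) * (3 - len(version))
    return version


def is_vulnerable(text: str) -> bool:
    """True if the version falls inside any affected range."""
    v = parse_version(text)
    return any((low is None or v >= low) and v < high for low, high in AFFECTED_RANGES)


def recommended_fix(text: str) -> Optional[Version]:
    """Smallest fixed release at or above the given version, or None if not affected."""
    if not is_vulnerable(text):
        return None
    v = parse_version(text)
    return min(f for f in FIXED_VERSIONS if f >= v)


def triage_inventory(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, version, recommended fix) for every affected host.

    Input lines are 'host,version'; blank lines and '#' comments are skipped,
    and a malformed version is reported rather than silently ignored.
    """
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        if not version:
            findings.append((host, "", "unparseable inventory line"))
            continue
        try:
            fix = recommended_fix(version)
        except ValueError:
            findings.append((host, version, "unrecognised version string"))
            continue
        if fix is not None:
            findings.append((host, version, ".".join(map(str, fix))))
    return findings


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    "# host,confluence_version",
    "wiki-prod-1,7.12.4",
    "wiki-prod-2,7.13.0",
    "wiki-legacy,6.14.3",
    "wiki-dev,7.4.11-ubuntu",
    "wiki-old,6.13.1",
    "wiki-broken,n/a",
]

if __name__ == "__main__":
    for host, version, fix in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {version} -> upgrade to {fix}")
```

Note that the check compares only the numeric version; it says nothing about whether a host has been compromised already, so a server that was exposed before patching still needs the usual post-exploitation review (unexpected processes, web shells, new users) rather than just an upgrade.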

In the days since the patches were issued, multiple threat actors have seized the opportunity to capitalize on the flaw, mass scanning for vulnerable Confluence servers and installing crypto miners after a proof-of-concept (PoC) exploit was publicly released earlier in the week. Rahul Maini, one of the researchers involved, described the process of developing the CVE-2021-26084 exploit as “relatively simpler than expected.”

