U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw


The U.S. Cyber Command on Friday warned of ongoing mass
exploitation attempts in the wild targeting a now-patched critical
security vulnerability affecting Atlassian Confluence deployments
that could be abused by unauthenticated attackers to take control
of a vulnerable system.

“Mass exploitation of Atlassian Confluence CVE-2021-26084[1]
is ongoing and expected to accelerate,” the Cyber National Mission
Force (CNMF) said[2]
in a tweet. The warning was also echoed by the U.S. Cybersecurity
and Infrastructure Security Agency (CISA[3]) and Atlassian itself[4]
in a series of independent advisories.

Bad Packets noted[5]
on Twitter it “detected mass scanning and exploit activity from
hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the
U.S. targeting Atlassian Confluence servers vulnerable to remote
code execution.”

Atlassian Confluence is a widely used web-based documentation
platform that lets teams create, collaborate on, and organize content
across different projects, offering a common place to share
information in corporate environments. It counts several major
companies, including Audi, Docker, GoPro, Hubspot, LinkedIn,
Morningstar, NASA, The New York Times, and Twilio, among its
customers.

The development[6]
comes days after the Australian company rolled out security updates
on August 25 for an OGNL[7]
(Object-Graph Navigation Language) injection flaw that, in specific
instances, could be exploited to execute arbitrary code on a
Confluence Server or Data Center instance.

Put differently, an adversary can leverage this weakness to
execute arbitrary commands with the same permissions as the account
running the Confluence service and, worse, use that foothold to gain
administrative control of the host by chaining in any unpatched local
privilege-escalation vulnerabilities.

The flaw, which has been assigned the identifier CVE-2021-26084
and has a severity rating of 9.8 out of 10 on the CVSS scoring
system, impacts all versions prior to 6.13.23, from version 6.14.0
before 7.4.11, from version 7.5.0 before 7.11.6, and from version
7.12.0 before 7.12.5.

The issue has been addressed in the following versions —

  • 6.13.23
  • 7.4.11
  • 7.11.6
  • 7.12.5
  • 7.13.0
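The affected ranges above are awkward to check by eye because each branch has its own cut-off. As an added example (not the article's or Atlassian's code), the following Python takes a version string and reports whether it falls inside any of the ranges quoted above and which release closes it. The ranges and fixed versions are copied from the advisory text; the footer regex and the sample HTML fragment are assumptions constructed for the demo, not output captured from a real server.

```python
"""
Check whether a Confluence Server / Data Center version string falls
inside the CVE-2021-26084 affected ranges listed in the advisory.

Added example, not Atlassian's code. The affected ranges and fixed
versions are copied from the advisory text; the footer regex and the
sample HTML are assumptions made for the demonstration.
"""
import re
from typing import Optional, Tuple

# Affected ranges from the advisory as (lower bound inclusive or None,
# upper bound exclusive). The upper bound of each range is exactly the
# release that fixes that branch, so it doubles as the recommended fix.
AFFECTED_RANGES = [
    (None, "6.13.23"),
    ("6.14.0", "7.4.11"),
    ("7.5.0", "7.11.6"),
    ("7.12.0", "7.12.5"),
]

# Fixed releases from the advisory; 7.13.0 starts a new branch that was
# never affected, so it appears in no range above.
FIXED_VERSIONS = ["6.13.23", "7.4.11", "7.11.6", "7.12.5", "7.13.0"]

# Assumption: the page footer carries the product name followed by the
# version, e.g. "Powered by Atlassian Confluence 7.4.10".
FOOTER_RE = re.compile(r"Atlassian Confluence\s+(\d+(?:\.\d+)+)")

# Constructed sample footer for the demo; not captured from a real host.
SAMPLE_FOOTER = (
    '<li class="noprint">Powered by '
    '<a href="https://www.atlassian.com/software/confluence">'
    'Atlassian Confluence</a> '
    '<span id="footer-build-information">7.4.10</span></li>'
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '7.4.10' into (7, 4, 10). Only the leading dotted numeric part
    is used, so a pre-release suffix such as '7.13.0-m1' compares as 7.13.0;
    two-part strings are padded so '7.4' compares as 7.4.0."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def recommended_fix(version: str) -> Optional[str]:
    """Return the release that closes the affected range containing
    `version`, or None if the version is outside every affected range."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        low_ok = low is None or parse_version(low) <= v
        if low_ok and v < parse_version(high):
            return high
    return None


def is_affected(version: str) -> bool:
    return recommended_fix(version) is not None


def extract_version(html: str) -> Optional[str]:
    """Pull the version out of a footer fragment. Tags are stripped first so
    a version wrapped in its own <span> still sits next to the product name."""
    text = re.sub(r"<[^>]+>", " ", html)
    text = re.sub(r"\s+", " ", text)
    m = FOOTER_RE.search(text)
    return m.group(1) if m else None


def assess(html: str) -> dict:
    """Combine extraction and range check into one result record."""
    version = extract_version(html)
    if version is None:
        return {"version": None, "affected": None, "fix": None}
    return {
        "version": version,
        "affected": is_affected(version),
        "fix": recommended_fix(version),
    }


if __name__ == "__main__":
    # Constructed inputs covering each branch plus the boundary releases.
    for v in ["5.9.1", "6.13.22", "6.13.23", "7.4.10", "7.4.11",
              "7.11.5", "7.12.4", "7.12.5", "7.13.0"]:
        print(f"{v:>8}  affected={is_affected(v)!s:5}  fix={recommended_fix(v)}")
    print(assess(SAMPLE_FOOTER))
```

The boundary cases matter: each fixed release is the exclusive upper bound of its range, so 6.13.23, 7.4.11, 7.11.6 and 7.12.5 all report as not affected, while 6.14.0 (the inclusive lower bound of the second range) does. A version that does not parse raises rather than silently reporting "not affected", which is the failure direction you want in a fleet-wide check.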

In the days since the patches were issued, multiple threat
actors have seized the opportunity to capitalize on the flaw, mass
scanning for vulnerable Confluence servers and installing crypto
miners[8] on the ones they compromise, after a proof-of-concept (PoC)
exploit was publicly released[9] earlier this week. Rahul Maini, one
of the researchers involved, described[10] the process of developing
the CVE-2021-26084 exploit as “relatively simpler than expected.”

References

  1. CVE-2021-26084 (nvd.nist.gov)
  2. said (twitter.com)
  3. CISA (us-cert.cisa.gov)
  4. Atlassian itself (confluence.atlassian.com)
  5. noted (twitter.com)
  6. development (censys.io)
  7. OGNL (en.wikipedia.org)
  8. install crypto miners (www.bleepingcomputer.com)
  9. publicly released (github.com)
  10. described (twitter.com)