Security News > 2021 > August > Atlassian warns of critical Confluence flaw

Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw.

Atlassian has released fixed versions of the product - namely versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0 - but the company's advisory suggests upgrading to the latest long-term service release.

Atlassian's advisory notes that a full upgrade is not possible for all users, so they need to step up to the clean double-point versions mentioned above before contemplating the step to version 7.13.

Atlassian hasn't mentioned whether the flaw has its roots in open-source code, or its own efforts.

The Register cannot find a reference to the flaw beyond the Australian company's advisory and documents.

The flaw was discovered by Benny Jacob through the Atlassian public bug bounty program.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/26/atlassian_critical_confluence_flaw/