Atlassian Confluence flaw actively exploited to install cryptominers
2021-09-02 20:54

Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released.

Atlassian Confluence is a very popular web-based corporate team workspace that allows employees to collaborate on projects.

On August 25th, Atlassian issued a security advisory for a Confluence remote code execution vulnerability tracked as CVE-2021-26084, allowing an unauthenticated attacker to remotely execute commands on a vulnerable server.

Soon after the article and PoC were published, cybersecurity companies began reporting that threat actors and security researchers were actively scanning for and exploiting vulnerable Confluence servers.

From samples of the exploits posted by Bad Packets, BleepingComputer confirmed that the threat actors are attempting to install cryptominers on both Windows and Linux Confluence servers.

If your organization is running a Confluence server, it is strongly recommended to install the latest updates as soon as possible.


News URL

https://www.bleepingcomputer.com/news/security/atlassian-confluence-flaw-actively-exploited-to-install-cryptominers/

Related Vulnerability

DATE: 2021-08-30
CVE: CVE-2021-26084
VULNERABILITY TITLE: Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
RISK: critical, 9.8 (network, low complexity)
Vendor: atlassian
Weakness: CWE-917

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412