Atlassian Confluence flaw actively exploited to install cryptominers
Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released.
Atlassian Confluence is a very popular web-based corporate team workspace that allows employees to collaborate on projects.
On August 25th, Atlassian issued a security advisory for a Confluence remote code execution vulnerability tracked as CVE-2021-26084, allowing an unauthenticated attacker to remotely execute commands on a vulnerable server.
Soon after the article and PoC were published, cybersecurity companies began reporting that threat actors and security researchers were actively scanning for and exploiting vulnerable Confluence servers.
From samples of the exploits posted by Bad Packets, BleepingComputer confirmed that the threat actors are attempting to install cryptominers on both Windows and Linux Confluence servers.
If your organization is running a Confluence server, it is strongly recommended to install the latest updates as soon as possible.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-30 | CVE-2021-26084 | Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |