
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
2021-09-07 03:05

The maintainers of Jenkins, a popular open-source automation server, have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence to install a cryptocurrency miner.

The "successful attack," which is believed to have occurred last week, was mounted against the project's Confluence service, which had been deprecated since October 2019. In response, the team took the server offline, rotated privileged credentials, and reset passwords for developer accounts.

"At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected," the company said in a statement published over the weekend.

The disclosure comes as the U.S. Cyber Command warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments.

Tracked as CVE-2021-26084, the flaw is an OGNL injection bug that, in specific instances, could be exploited to execute arbitrary code on a Confluence Server or Data Center instance.
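As an added illustration (not code from the article, from Atlassian, or from Confluence), the hypothetical snippet below shows the OGNL injection pattern in miniature: one method hands an expression string taken straight from the request to the OGNL evaluator, so the caller decides what gets executed; the other lets the request pick only from a fixed, server-side table of expressions, so user input is never parsed as code. The class and method names (`Page`, `evaluateUntrusted`, `lookupField`) and the dependency on the `ognl` library (`ognl.Ognl`) are assumptions.

```java
import ognl.Ognl;
import ognl.OgnlException;

import java.util.Map;

// Hypothetical demonstration of the OGNL injection class; not Confluence code.
public class OgnlInjectionDemo {

    // Minimal root object the expressions are evaluated against.
    static class Page {
        private final String title;

        Page(String title) {
            this.title = title;
        }

        public String getTitle() {
            return title;
        }
    }

    // VULNERABLE PATTERN: the expression text itself is attacker-controlled.
    // OGNL evaluates whatever the string says, so the caller controls not only
    // which property is read but which methods get invoked.
    static Object evaluateUntrusted(String userExpression, Page root) throws OgnlException {
        return Ognl.getValue(userExpression, root);
    }

    // HARDENED PATTERN: user input only selects a key; the expressions are
    // fixed constants written by the developer and never derived from input.
    private static final Map<String, String> ALLOWED_EXPRESSIONS = Map.of(
            "title", "title",
            "titleLength", "title.length()"
    );

    static Object lookupField(String requestedKey, Page root) throws OgnlException {
        String expression = ALLOWED_EXPRESSIONS.get(requestedKey);
        if (expression == null) {
            // Unknown keys are rejected before anything reaches the OGNL parser.
            throw new IllegalArgumentException("unknown field: " + requestedKey);
        }
        return Ognl.getValue(expression, root);
    }

    public static void main(String[] args) throws OgnlException {
        Page page = new Page("Welcome");

        // Both calls read the same property; the difference is who wrote the expression.
        System.out.println(evaluateUntrusted("title", page)); // "Welcome"
        System.out.println(lookupField("titleLength", page)); // 7

        try {
            // Input that is not a known key is refused outright.
            lookupField("anything else", page);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The point to take from the two methods is the one the advisory turns on: the severity of an expression-language injection comes from the expression being user-controlled, so the fix is to stop treating request data as an expression at all, not to try to filter individual expression strings.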

According to Censys, a cybersecurity firm that runs a search engine for internet-connected devices, around 14,637 exposed and vulnerable Confluence servers were visible just before details of the flaw became public on August 25. That number had dropped to 8,597 as of September 5 as organisations apply Atlassian's patches and remove affected servers from the public internet.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/NGsy6yHe1B8/latest-atlassian-confluence-flaw.html

Related Vulnerability

Date: 2021-08-30
CVE: CVE-2021-26084
Title: Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
Description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
Attack vector: network, low complexity
Vendor: atlassian
Weakness: CWE-917
Risk: critical (9.8)

Related vendor

VENDOR     LAST 12M  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Jenkins    637       -           21   1029    434   72        1556
Atlassian  58        -           3    259     104   46        412