Security News > 2021 > September > Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
2021-09-28 20:33

Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.

Tracked as CVE-2021-26084, the vulnerability concerns an OGNL injection flaw that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance.

The vulnerability, which resides in the Webwork module of Atlassian Confluence Server and Data Center, stems from an insufficient validation of user-supplied input, causing the parser to evaluate rogue commands injected within the OGNL expressions.

In one such attack observed by Trend Micro, z0Miner, a trojan, and cryptojacker, was found updated to leverage the remote code execution flaw to distribute next-stage payloads that act as a channel to maintain persistence and deploy cryptocurrency mining software on the machines.

"As is often the case with RCE vulnerabilities, attackers will rush and exploit affected systems for their own gain," Imperva researchers said.

"RCE vulnerabilities can easily allow threat actors to exploit affected systems for easy monetary gain by installing crypto currency miners and masking their activity, thus abusing the processing resources of the target."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/8IopGOimhFY/atlassian-confluence-rce-flaw-abused-in.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-30 CVE-2021-26084 Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
network
low complexity
atlassian CWE-917
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412