Security News > 2022 > June > Atlassian announces 0-day hole in Confluence Server – update now!
There's no alert about the bug visible on the company's main web page, which features the company's best-known tools JIRA and Trello, but you'll find Confluence Security Advisory 2022-06-02 on the Confluence sub-site.
Webshells are a nasty way of opening up a backdoor into a network using an attack that sometimes requires attackers to do little more than write one tiny file into part of a web server where content is stored.
As long as the attacker can control the name of the webshell file they've implanted, then they can simply visit the server URL that corresponds to that file, any time they like.
Even though Volexity decided to blog about this security hole publicly rather than disclosing it privately to Atlassian and giving the company a few days to fix it quietly, both parties seem to have kept enough details under wraps that we aren't aware of any "Here's how you do it, folks!" sample code floating around at the moment.
Atlassian is advising customers who can pre-filter incoming web data to look out for URLs containing $ character strings.
That's because we're assuming that the patch is likely to reveal the nature of the attack and how to exploit it, and thus that proof-of-concept files and actual attacks will soon follow.