Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence
2022-06-03 00:28

Atlassian has warned users of its Confluence collaboration tool that they should either restrict internet access to the software, or disable it, in light of a critical-rated unauthenticated remote-code-execution flaw in the product that is actively under attack.

The flaw is present in version 7.18 of Confluence Server, which is under attack, and potentially in versions 7.4 and higher of Confluence Server and Confluence Data Center.

"There are currently no fixed versions of Confluence Server and Data Center available," the advisory states.

Restricting Confluence Server and Data Center instances from the internet.

While any critical-rated flaw that's under attack is very bad news, many Atlassian users may have dodged the bullet because version 7.18 of Confluence Server was announced on May 30 and is therefore unlikely to be widely deployed.

Users of Confluence 7.4 have more to worry about, as that version was released in April 2020, and it is "potentially vulnerable," according to Atlassian.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/03/atlassian_confluence_critical_flaw_attacked/