Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability
Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild.
"Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server," it said in an advisory.
"There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix." Specifics of the security flaw have been withheld until a software patch is available.
Confluence Server version 7.18.0 is known to have been exploited in the wild, although Confluence Server and Data Center versions 7.4.0 and later are potentially vulnerable.
In the absence of a fix, Atlassian is urging customers to restrict internet access to Confluence Server and Data Center instances or to consider disabling those instances altogether.
The development comes less than a year after another critical remote code execution flaw in Atlassian Confluence was actively weaponized in the wild to install cryptocurrency miners on compromised servers.
News URL
https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html