Security News
Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. Today, Atlassian released a security advisory disclosing that CVE-2022-26134 is a critical unauthenticated remote code execution vulnerability affecting both Confluence Server and Data Center.
Atlassian has warned users of its Confluence collaboration tool that they should either restrict internet access to the software, or disable it, in light of a critical-rated unauthenticated remote-code-execution flaw in the product that is actively under attack. The flaw is present in version 7.18 of Confluence Server, which is under attack, as well as potentially versions 7.4 and higher of Confluence Server and Confluence Data Center.
As the company's Chief Technology Officer Sri Viswanath revealed on April 14th, nine days after the incident started, a maintenance script accidentally wiped hundreds of customer sites due to communication issues between two Atlassian teams working on deactivating a legacy app. The 14-day-long outage impacted a very small set of Atlassian customers between April 5th and April 18th. The first set of impacted sites was restored by April 8th and the rest of the affected customer sites by April 18th. During the incident, the following Atlassian products were unavailable for impacted customers: the entire Jira family of products, Confluence, Atlassian Access, Opsgenie, and Statuspage.
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph.
Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework. Seraph is used in Jira and Confluence for handling all login and logout requests via a system of pluggable core elements.
Atlassian has finally revealed the exact cause of an ongoing cloud services outage the company estimates could impact some of its customers for up to two more weeks. When we first reported on this outage, Atlassian told us that a routine maintenance script blocked some customers' access to their data after "unintentionally" disabling the sites of roughly 400 out of its over 200,000 customers.
Atlassian, a UK-based company making software development and collaboration tools, estimates it might take two more weeks to restore all customer instances impacted by a week-long ongoing outage affecting its cloud services. While the impact on businesses using its products is undeniable, Atlassian said only around 400 of its more than 200,000 customers are affected.
An ongoing outage affects numerous Atlassian customers, leaving their Jira and Confluence instances inaccessible for over twenty-four hours. The outage started at approximately 5 AM EST yesterday, with Jira and Confluence customers no longer able to access their cloud instances.
Atlassian has demonstrated the interconnectedness of all things with a warning that some versions of Bitbucket Data Center and Confluence Data Center require patching courtesy of the Hazelcast Java deserialization vulnerability. Hazelcast is an in-memory data grid that spreads data over the nodes of a cluster and is used for efficiency and performance.
Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084, the vulnerability concerns an OGNL injection flaw that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance.