In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
Published: 2021-09-07
Recently disclosed critical flaw in Atlassian Confluence Server is being exploited in the wild by attackers. Organizations should apply patches immediately. Background On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center software.
https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a
https://www.greynoise.io/blog/spike-in-atlassian-exploitation-attempts-patching-is-crucial
https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/?web_view=true
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://therecord.media/confluence-and-gitlab-servers-targeted-by-new-ransomware-strain
https://www.tenable.com/blog/examining-the-treat-landscape
https://jira.atlassian.com/browse/CONFSERVER-67940
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html