First published: 01 Sep 2021
Last updated: 01 Sep 2021

Content written for

Large organisations & infrastructure
Government

Background / What has happened?

A vulnerability (CVE-2021-26084) has been identified in certain self-hosted versions of Atlassian Confluence. It can allow a remote malicious cyber actor to execute arbitrary code, which could enable the actor to gain full control of a vulnerable server. Atlassian has identified that in some instances this vulnerability can be exploited by an unauthenticated user. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of scanning and attempted exploitation of this vulnerability.

Atlassian has identified that this vulnerability does not affect Confluence Cloud customers.

Further information on this vulnerability and the specific affected versions is available in Atlassian’s security advisory.

Proof of concept code to exploit CVE-2021-26084 is publicly available.

Mitigation / How do I stay secure?

Australian organisations that self-host Atlassian Confluence should identify any internet-facing instances of Confluence as a priority. Internal instances of Confluence should also be identified.

Affected organisations should then implement the mitigation guidance recommended in the Atlassian security advisory. A patch and an interim mitigation script are available from Atlassian.
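As an added inventory check that is not part of this advisory or of Atlassian's tooling, the following Python helper classifies each Confluence instance an organisation owns by the version its pages report, so that internal and internet-facing instances can be compared against the fixed releases in Atlassian's advisory. It assumes the `ajs-version-number` meta tag that Confluence Server/Data Center pages embed; the fixed-version list is a placeholder to be filled from the advisory, and hostnames and HTML used for checking are constructed.

```python
import re
import urllib.request
from typing import Dict, Iterable, Optional, Tuple

# PLACEHOLDER: fill from Atlassian's advisory for CVE-2021-26084. The fixed
# release numbers are not on this page, so none are hard-coded here.
FIXED_VERSIONS: Tuple[str, ...] = ()

# Confluence Server / Data Center pages carry the build number in this meta tag.
VERSION_TAG = re.compile(
    r'<meta\s+name="ajs-version-number"\s+content="([0-9.]+)"', re.I)


def confluence_version(html: str) -> Optional[str]:
    """Version string a Confluence page reports, or None when the HTML has no
    ajs-version-number tag (i.e. it does not look like Confluence)."""
    m = VERSION_TAG.search(html)
    return m.group(1) if m else None


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def is_fixed(version: str, fixed: Iterable[str]) -> bool:
    """True only when `version` is at or above the fix for its own major.minor
    branch, or newer than every listed fix. Anything else, including a branch
    with no fix listed, is treated as unpatched: the safe inventory default."""
    v = parse_version(version)
    fixes = [parse_version(f) for f in fixed]
    if not fixes:
        return False
    same_branch = [f for f in fixes if f[:2] == v[:2]]
    if same_branch:
        return v >= min(same_branch)
    return v > max(fixes)


def classify(host: str, html: str,
             fixed: Iterable[str] = FIXED_VERSIONS) -> Dict[str, str]:
    """One inventory row per host: not-confluence / fixed / needs-patching."""
    ver = confluence_version(html)
    if ver is None:
        return {"host": host, "status": "not-confluence"}
    status = "fixed" if is_fixed(ver, fixed) else "needs-patching"
    return {"host": host, "version": ver, "status": status}


def fetch_html(base_url: str, timeout: int = 5) -> str:
    """Login page of an instance you administer; the meta tag needs no login."""
    url = base_url.rstrip("/") + "/login.action"
    with urllib.request.urlopen(url, timeout=timeout) as r:
        return r.read().decode("utf-8", "replace")
```

Run `classify(host, fetch_html(url), FIXED_VERSIONS)` over the organisation's asset list once FIXED_VERSIONS is filled in; rows marked needs-patching are the ones to patch or mitigate first.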

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and can provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).
