
Zero-day in Atlassian Confluence: Comment by Satnam Narang, Senior Staff Research Engineer, Tenable

by CIO AXIS

Atlassian published an advisory for a critical zero-day remote code execution vulnerability in Confluence Server and Data Centre. According to the advisory, this vulnerability has been exploited in the wild by attackers, and at this time, no patch is available. Successful exploitation would give an attacker remote code execution and, ultimately, full control of the system. Here is a comment from Satnam Narang, Senior Staff Research Engineer, Tenable.

“The flaw was discovered by researchers at Volexity, who uncovered it as part of an incident response investigation over the Memorial Day weekend in the United States. Existing exploitation involved the use of web shells, including the China Chopper web shell. The presence of a web shell provides an attacker with the ability to maintain access to a compromised system even after a vulnerability like this one has been patched. We observed the same following exploitation of the ProxyShell vulnerability last year, where attackers implanted web shells onto vulnerable Microsoft Exchange Server instances.

“A number of Confluence Server versions are potentially vulnerable to this new flaw. So if an organisation is using one of the affected Confluence Server and Data Centre versions and it is publicly accessible over the internet, they are at significant risk. At this time, organisations are advised to restrict access to their Confluence Server and Data Centre instances by placing them behind a Virtual Private Network (VPN) or if feasible, disabling these instances altogether until a patch is available.

“While there are currently no exploitation details or proof-of-concept for this vulnerability, we know from history that attackers relish the opportunity to target Atlassian products like Confluence. We strongly encourage organisations to review these mitigation options until patches are available.” — Satnam Narang, Senior Staff Research Engineer, Tenable
