Dive Brief:
- Atlassian released a security update Friday to patch a critical zero-day vulnerability in Confluence Server and Data Center. The vulnerability (CVE-2022-26134) is being actively exploited. An attacker could take control of an affected device without needing to authenticate.
- The company notified impacted customers, according to a spokesperson. Atlassian Cloud sites were not affected.
- Federal agencies were earlier required to disconnect their systems, and the Cybersecurity and Infrastructure Security Agency previously updated its Known Exploited Vulnerabilities Catalog.
Dive Insight:
Confluence is a digital team workspace application used by more than 75,000 customers, but the majority use the Cloud version.
Atlassian therefore has less visibility into compromised on-premises systems. So far, only a few companies have been alerted that they've been exploited.
Atlassian's support team is working closely with those and other affected customers to implement the patch.
Eric Goldstein, executive assistant director for cybersecurity at CISA, told Cybersecurity Dive that affected customers should immediately implement Atlassian’s guidance.
Organizations should contact CISA about any potential intrusion.
Volexity, a Reston, Va.-based cybersecurity firm, discovered the vulnerability over the Memorial Day weekend when it found JavaServer Pages (JSP) webshells being written to disk. Researchers alerted Atlassian on May 31.
Confluence was previously the subject of a vulnerability last August. Cyber Command issued a warning less than a month later.