Introduction
Atlassian have published an advisory on a Critical severity unauthenticated remote code execution vulnerability affecting all supported versions of Confluence Server and Confluence Data Center.
Threat actors are actively exploiting this vulnerability. Volexity has published an analysis of the vulnerability along with some threat actor IP addresses.
This IOC list on GitHub contains some IP addresses known to be attempting to exploit this vulnerability.
Mitigations
Update
Atlassian have released Fixed Versions to patch this vulnerability. Please follow the instructions from the Atlassian advisory.
Fixed versions:
- 7.4.17
- 7.13.7
- 7.14.3
- 7.15.2
- 7.16.4
- 7.17.4
- 7.18.1
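
A version check against the fixed versions listed above, as an added example that is not from Atlassian or the original page. The hostnames and inventory are constructed, and a release line with no fixed version on this list is reported as unlisted rather than guessed.

```python
import re

# Fixed versions exactly as listed on this page.
FIXED_VERSIONS = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]

# Map each (major, minor) release line to the first fixed patch level.
FIXED_BY_LINE = {}
for _v in FIXED_VERSIONS:
    _major, _minor, _patch = (int(p) for p in _v.split("."))
    FIXED_BY_LINE[(_major, _minor)] = _patch

# Accepts "7.13.7", "7.13" or strings with a suffix such as "7.13.7-build1".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def triage(version):
    """Classify one Confluence version string against the fixed-version list.

    Returns 'fixed', 'not_fixed', 'unlisted' or 'unparseable'.
    """
    m = _VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    fixed_patch = FIXED_BY_LINE.get((major, minor))
    if fixed_patch is None:
        # No fixed version for this release line on the page: consult the
        # Atlassian advisory instead of assuming either way.
        return "unlisted"
    return "fixed" if patch >= fixed_patch else "not_fixed"


def triage_inventory(inventory):
    """Classify a {host: version} mapping; returns {host: status}."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "wiki-prod.example.internal": "7.13.6",
    "wiki-dr.example.internal": "7.13.7",
    "wiki-test.example.internal": "7.12.5",
    "wiki-lab.example.internal": "7.18.1-build1",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:30} {SAMPLE_INVENTORY[host]:15} {status}")
```

Hosts reported as not_fixed or unlisted are the ones to prioritise for the update described in the Atlassian advisory.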