<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

Confluence Data Center Vulnerability Alert | January 2024

Confluence Data Center Vulnerability Overview

 

Background Information

Confluence issued a security advisory for a critical vulnerability impacting Confluence Data Center & Server, which is commonly used for collaboration and development. Note that the vulnerability does not impact Atlassian-hosted SaaS applications. Atlassian warns that customers running out-of-date versions are vulnerable to exploitation, including remote code execution by attackers. We recommend your organization immediately update to the latest version.

Impact of the Vulnerability

This vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 as well as 8.4.5, which no longer receives backported fixes in accordance with Atlassian’s Security Bug Fix Policy.

Affected versions:

  • 8.0.x
  • 8.1.x
  • 8.2.x
  • 8.3.x
  • 8.4.x
  • 8.5.0-8.5.3

Corvus has observed similar vulnerabilities lead to data theft and ransomware attacks. There are no known workarounds for this vulnerability. To remediate, update each affected product installation to the latest version.

Note: Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Next Steps for Confluence Customers:

We encourage your organization to take the following steps to mitigate against potential attack:

  1. Update to the latest fixed version: 
    • Confluence Data Center and Server
      • Fixed Versions: 8.5.4 (LTS)

      • Latest Versions: 8.5.5 (LTS)

    • Confluence Data Center and Server
      • Fixed Versions: 8.6.0 (Data Center Only), 8.7.1 (Data Center Only)

      • Latest Versions: 8.7.2 (Data Center Only)

Recent Articles

Handling Cyber Objections: 'Cyber Insurance Is Too Expensive'


Clients may be quick to object to the cost of cyber insurance, but we'll unpack the real 'bang for your buck' argument to cyber coverage.

CDK Global Incident | June 2024


A popular auto dealer software is experiencing a cyber incident. Here's what you need to know.

Cyber and Construction: Laying Groundwork to Combat Digital Threats


The construction sector is facing urgent cybersecurity challenges. Learn more about unique risks and how creative underwriting solutions can help.