Tuesday, November 19, 2024
HomeVulnerabilitiesAtlassian Confluence Vulnerability Under Active Exploitation

Atlassian Confluence Vulnerability Under Active Exploitation

Atlassian, one of the famous Software products development companies has come into limelight once again after having some active vulnerabilities in its web-based corporate Wikipedia, Confluence.

What’s the Bug causing recent Vulnerability?

There have been several cases of compromises in its products in the past too. Atlassian recently mend the critical flaws in its Confluence Server and Data Center, after they became the hot cake for the attackers in the market.

The actual culprit is a bug named CVE-2022-26138 that makes a hard-coded password a child’s play for the hackers to compromise the Confluence Server Pages, though sitting at remote locations. The main reason for these exploitations is considered the release of hard-coded credentials on Twitter by the company itself. After this mistake, the company is now forced to patch up the loopholes, for preventing future attacks.

Rapid7 Security Researcher Glenn Thorpe said that it was quite easy for the hackers to break into the Company’s Confluence Domain once the credentials were released socially. This made Confluence even more popular amongst the actors, who were previously also using this platform to carry out Ransomware attacks.

Click here to study some recent vulnerabilities affecting software worldwide.

Bugs that were found as the main culprit for the occurrence of past and current attacks:

CVE-2022-26136 & CVE-2022-26137: These caused multiple servlet filter vulnerabilities, which impacted the following products:

  1. Jira Server and Data Center
  2. Jira Service Management Server and Data Center
  3. Crucible
  4. Confluence Server and Data Center
  5. Crowd Server and Data Center
  6. Bitbucket Server and Data Center
  7. Bamboo Server and Data Center
  8. Fisheye

CVE-2022-26138: It caused the hardcoded passwords to be compromised in the Confluence app and caused severe damage to the following:

  1. Confluence Data Center
  2. Confluence Server

Researchers also found a peculiar thing; that this bug exists only when the Questions Tab/ section of the Confluence app is set up. However, uninstalling Questions does neither help as the user account is not deleted on uninstalling the app.

Versions of the Confluence app that are being affected by CVE-2022-26138:

  1. 2.7.34
  2. 2.7.35
  3. 3.0.2

The attacks have been more threatening for the remote victims recently as the hackers are continuously scanning for the compromised nodes, immediately 15 minutes after it was publicly announced that there exists a security flaw in Confluence.

Cure against the affected Products:

As of now, there have been no proper treatments announced or found for the threats, however, the affected users are advised to simply update to new versions of 2.7.38 and 3.0.5 immediately or simply delete their accounts permanently.

If you want to read more articles based on cybersecurity and networks you are at the right place here.


By: Ankita Anand

Editor: Sneha


Found this post interesting? Then please share your support by with people who can be helped with this information. Please follow cybermetrics.eu and Signup for our weekly news feed.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments