Patch now! Attacks on Atlassian Confluence
After a default password appeared on social media platforms, attackers target Confluence. But not all instances are vulnerable.
Admins of the wiki software Atlassian Confluence Server and Confluence Data Center should immediately install the available security updates. Attackers are currently exploiting a vulnerability rated “critical”. Confluence Cloud is not affected.
However, the vulnerability (CVE-2022-26138) only makes instances vulnerable if the Q&A app Questions for Confluence is installed. Installing that app creates an account with a hard-coded password. That password is now in circulation and attackers are using it to access Confluence instances, security researchers from Rapid7 warn in a post.
Atlassian explains in an advisory how admins can check whether their instance has already been attacked. Questions for Confluence versions 2.7.34, 2.7.35 and 3.0.2 are affected. The developers state that versions 2.7.38 and 3.0.5 are secured against the attacks. The first information about the vulnerability became public about a week ago.