Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed
Proof of concept (PoC) exploit code for a critical vulnerability that Atlassian disclosed in its Confluence Data Center and Server technology has become publicly available, heightening the need for organizations using the collaboration platform to immediately apply the company’s fix for it. ShadowServer, which monitors the Internet for malicious activity, on Nov. 3 reported that it observed attempts to exploit the Atlassian vulnerability from at least 36 unique IP addresses over the last 24 hours. ShadowServer described the increasing exploit activity as involving attempts to upload files and set up or to restore vulnerable Internet accessible Confluence instances. “We see around 24K exposed (not necessarily vulnerable),” Atlassian Confluence instances ShadowServer said.