Reference:
Advisory #2021-017
Version:
1.0
Affected software:
Atlassian Confluence Server and Data Center up to 6.13.23
Atlassian Confluence Server and Data Center 6.14.0 - 7.4.11
Atlassian Confluence Server and Data Center 7.5.0 before 7.11.6
Atlassian Confluence Server and Data Center 7.12.0 before 7.12.5
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2021-26084 CVSS: 9.8
Sources
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
Risks
The Centre for Cybersecurity Belgium (CCB) is aware of an actively exploited vulnerability affecting Confluence Server and Confluence Data Center software. A remote attacker could exploit this vulnerability to take control of a vulnerable system.
Description
On August 25, 2021, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084).
Currently, threat actors are targeting Confluence Server and Confluence Data Center software exploiting CVE-2021-26084 in the wild.
The vulnerability is an OGNL injection flaw that could allow an authenticated user, and even an unauthenticated user if the ‘Allow people to sign up to create their account’ option is enabled, to execute arbitrary code on a Confluence Server or Data Center instance.
To check whether the ‘Allow people to sign up to create their account’ option is enabled, go to COG > User Management > User Signup Options.
Remark: Confluence Cloud customers are not affected.
Recommended Actions
General upgrade path
- Upgrade to version 7.13.0 (LTS) or higher.
Alternative upgrade path
- If you are running 6.13.x versions and cannot upgrade to 7.13.0 (LTS), then upgrade to version 6.13.23.
- If you are running 7.4.x versions and cannot upgrade to 7.13.0 (LTS), then upgrade to version 7.4.11.
- If you are running 7.11.x versions and cannot upgrade to 7.13.0 (LTS), then upgrade to version 7.11.6.
- If you are running 7.12.x versions and cannot upgrade to 7.13.0 (LTS), then upgrade to version 7.12.5.
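As an added example (not part of the CCB advisory and not an Atlassian tool), the following Python script classifies a Confluence Server or Data Center version against the upgrade paths above and reports which fix version applies. It assumes that a build equal to or newer than its branch's fix version (6.13.23, 7.4.11, 7.11.6, 7.12.5, or 7.13.0) is patched; the hostnames in the sample inventory are constructed placeholders.

```python
"""Classify Confluence versions against the CVE-2021-26084 fix versions
listed in this advisory's Recommended Actions.

Branch boundaries and fix versions are taken from the advisory; treating a
build at or above its branch's fix version as patched is an assumption
made here, not a statement from Atlassian's text.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (branch lower bound inclusive, upper bound exclusive, fix version, label).
# Each upper bound equals the next lower bound, so every version below the
# LTS target falls into exactly one branch.
FIX_BRANCHES = [
    ((0, 0, 0),  (6, 14, 0), (6, 13, 23), "6.13.x branch"),
    ((6, 14, 0), (7, 5, 0),  (7, 4, 11),  "7.4.x branch"),
    ((7, 5, 0),  (7, 12, 0), (7, 11, 6),  "7.11.x branch"),
    ((7, 12, 0), (7, 13, 0), (7, 12, 5),  "7.12.x branch"),
]
RECOMMENDED: Version = (7, 13, 0)  # general upgrade path: 7.13.0 (LTS) or higher

# Accepts '7.4.10', 'v7.12' (patch defaults to 0) and '7.11.6-rc1' (suffix ignored).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a Confluence version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def assess(version_text: str) -> dict:
    """Return a dict with keys: version, vulnerable, fix_version, branch, recommended.

    fix_version is the minimal upgrade on the same branch (None when already
    fixed); recommended is always the LTS target from the general upgrade path.
    """
    v = parse_version(version_text)
    result = {"version": v, "recommended": RECOMMENDED}
    if v >= RECOMMENDED:
        result.update(vulnerable=False, fix_version=None, branch="7.13.x (LTS) or later")
        return result
    for low, high, fix, label in FIX_BRANCHES:
        if low <= v < high:
            vulnerable = v < fix
            result.update(vulnerable=vulnerable,
                          fix_version=fix if vulnerable else None,
                          branch=label)
            return result
    raise AssertionError("unreachable: branches cover every version below 7.13.0")


def fmt(v: Optional[Version]) -> str:
    return "-" if v is None else ".".join(str(n) for n in v)


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders, not real systems.
    inventory = {
        "wiki-a.example": "6.13.20",
        "wiki-b.example": "7.4.11",
        "wiki-c.example": "7.11.2",
        "wiki-d.example": "7.12.4",
        "wiki-e.example": "v7.13.1",
    }
    for host, ver in inventory.items():
        r = assess(ver)
        status = "VULNERABLE" if r["vulnerable"] else "patched"
        print(f"{host:16} {fmt(r['version']):8} {status:10} "
              f"branch fix: {fmt(r['fix_version']):8} LTS target: {fmt(r['recommended'])}")
```

The version strings would normally come from an asset inventory or from each instance's About page; the script deliberately does not contact any host. Versions with a suffix such as "-rc1" are compared by their numeric part only, so a release candidate of a fix version is reported as patched and should be double-checked manually.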
The CCB advises administrators of Confluence Server and Confluence Data Center software to follow the advice of Atlassian and apply the necessary updates immediately.
The CCB advises organisations to increase their monitoring and detection capabilities so that related suspicious activity is detected and an intrusion can be responded to quickly.
References