According to the American Cybercom organisation, this is a critical vulnerability in Atlassian Confluence that is being actively exploited worldwide.
Vulnerability CVE-2021-26084 in Atlassian Confluence’s wiki software. The bug is bad enough that US Cybercom, the cybersecurity arm of the Department of Defense, is issuing a warning. “Mass exploitation of Atlassian confluence CVE-2021-26084 is ongoing and expected to accelerate,” the statement said Friday.
The organisation also advised companies to patch as soon as possible. It is currently an extended weekend in the United States. That is a favourite moment for cyber-attacks because it often takes longer for someone from the company to notice something.
Confluence is popular wiki software, often used for intranet, for example. A series of gangs are currently scanning for openings to get into businesses through the vulnerability.
Atlassian itself stated on August 25 that a critical vulnerability had been found in several Confluence Server and Data Center versions, where a user could run code on the software without permission. A patched version has been released. In addition, the vulnerability appears to only exist on “on-premise” servers, not on versions of Confluence hosted in the cloud.