NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. If you run Confluence in a cluster, make sure that this script runs on all nodes. The expected output should show the status of up to five files updated, encounter no errors (errors will usually show in red) and end with:Ĩ. Due to PowerShell’s default restrictive execution policy, run the PowerShell using this exact command: Open Windows PowerShell (and run as administrator).Ħ. $INSTALLATION_DIRECTORY=’C:\Program Files\Atlassian\Confluence’ĥ. Replace Set_Your_Confluence_Install_Dir_Here with your Confluence installation directory, for example: Edit cve-2021-26084-update.ps1 and set INSTALLATION_DIRECTORY.
Download cve-2021-26084-update.ps1 to the Confluence Windows server:ģ. If you run Confluence in a cluster, make sure that this script runs on all nodes.Ĭonfluence server on a Windows operating system:Ģ. The number of updated files will differ, depending on your Confluence version.ĩ. The expected output should confirm up to five files updated and end with: # In this second example, we need to change to the ‘confluence’ userĨ. # In this first example, we change to the ‘root’ userĭrwxr-xr-x 3 confluence confluence 4096 Aug 18 17:07 bin $ ls -l /opt/atlassian/confluence | grep binĭrwxr-xr-x 3 root root 4096 Aug 18 17:07 bin Change to the Linux user that owns files in the Confluence installation directory, for example: Assign the script execution permission.Ħ. INSTALLATION_DIRECTORY=/opt/atlassian/confluenceĥ. Edit cve-2021-26084-update.sh and set INSTALLATION_DIRECTORY to your Confluence installation directory, for example: Download cve-2021-26084-update.sh to the Confluence Linux server:ģ. You don’t need to shut down the whole cluster.Ģ. If you run Confluence in a cluster, repeat this process on each node.
If users are unable to upgrade the products immediately, run the following scripts on the operating system on which Confluence is hosted:Ĭonfluence server on a Linux-based operating system: If users cannot upgrade to the latest version for the time being, they can upgrade it to a version that has this vulnerability fixed, as shown in the following table: Affected Version Users are advised to upgrade Confluence Server and Confluence Data Center to the latest version to ensure the security and stability of this service. For this purpose, users can select About Confluence to check the current version of Confluence. Users can check the current Confluence version to determine whether it is affected. It is a knowledge management tool that enables team collaboration and knowledge sharing.
Affected users should take preventive measures as soon as possible.Ītlassian Confluence is a professional wiki program provided by Atlassian. This vulnerability is assigned a CVSS score of 9.8.
This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression.
However, cyber criminals from around the world have since been detected as scanning for vulnerable systems and launching attacks.Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084).
This was presumably to avoid fuelling any future attacks before businesses had a chance to apply the fix.Ītlassian disclosed this vulnerability a couple of weeks ago and urged businesses to patch their systems at the time.
The firm had never publicly revealed the precise exploit mechanisms, though, beyond describing the flaw as a Confluence Server Webwork OGNL injection. It’s rated 9.8 on the CVSS threat severity scale out of ten, suggesting it’s highly exploitable.
Rather, the on-premises versions of the product are those susceptible to exploitation. The vulnerability, which is embedded in the Atlassian Confluence Server and Confluence Data Center products, can allow an unauthorised attacker to execute arbitrary code on either of the affected platforms.Ĭonfluence Cloud, which is hosted on public cloud environments, isn’t affected by the flaw. “This cannot wait until after the weekend.”Ĭonfluence is a workplace collaboration platform that allows teams to work together remotely on projects or ideas. “Please patch immediately if you haven’t already,” the notice added.