In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
The attack has been reported to have affected Jenkins. The developers of the Jenkins server, one of the most widely used open-source automation systems, said they suffered a security breach after hackers gained access to one of their internal servers built on Confluence and deployed a cryptocurrency miner.
The Jenkins breach is part of a recent wave of attacks exploiting CVE-2021-26084 (also nicknamed Confluenza), an authentication bypass and command injection bug in Atlassian’s Confluence server which is reported as an OGNL injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
This vulnerability is being actively exploited in the wild. Affected servers should be patched immediately.
The issue was discovered by Benny Jacob (SnowyOwl) via the Atlassian public bug bounty program.
It has been listed as a low priority at Atlassian despite it being reported to have a critical severity.