Remote code execution vulnerability present in certain versions of Atlassian Confluence

A vulnerability exists in certain self-hosted versions of Atlassian Confluence which could allow a malicious cyber actor to execute arbitrary code. Affected organisations should apply the available patch to mitigate this vulnerability.

Alert status
HIGH

Background /What has happened?

A vulnerability (CVE-2021-26084) has been identified in certain self-hosted versions of Atlassian Confluence. It can allow a remote malicious cyber actor to execute arbitrary code, which could enable the actor to gain full control of a vulnerable server. Atlassian has identified that in some instances this vulnerability can be exploited by an unauthenticated user. The ACSC is aware of scanning and attempted exploitation of this vulnerability.

Atlassian has identified that this vulnerability does not affect Confluence Cloud customers.

Further information on this vulnerability and the specific affected versions is available in Atlassian's security advisory.

Proof of concept code to exploit CVE-2021-26084 is publicly available.

Mitigation / How do I stay secure?

Australian organisations that self-host Atlassian Confluence should identify any internet-facing instances of Confluence as a priority. Internal instances of Confluence should also be identified.

Affected organisations should then implement the mitigation guidance recommended in the Atlassian security advisory. A patch and an interim mitigation script are available from Atlassian.
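The following is an added example of how a defender might inventory Confluence instances and triage them against the fixed versions from Atlassian's advisory. It is not code from the ACSC or Atlassian. It assumes that a Confluence landing page exposes its version in an "ajs-version-number" meta tag (an assumption about Confluence's HTML, not something the advisory states); the fixed-version list and the host names and responses are constructed placeholders, and the real fixed versions must be taken from Atlassian's advisory.

```python
import re
import urllib.request
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Assumption: Confluence pages carry the product version in this meta tag.
VERSION_META = re.compile(
    r'<meta\s+name="ajs-version-number"\s+content="([0-9][0-9.]*)"',
    re.IGNORECASE,
)

# PLACEHOLDER values only: replace with the fixed versions listed in
# Atlassian's security advisory for CVE-2021-26084.
FIXED_VERSIONS_PLACEHOLDER: List[str] = ["7.4.50", "7.13.50"]

# Constructed sample responses standing in for what a scan of each host's
# landing page might return (not real hosts or real Confluence output).
SAMPLE_RESPONSES: Dict[str, str] = {
    "https://wiki.internal.example":
        '<html><head><meta name="ajs-version-number" content="7.4.10"></head></html>',
    "https://confluence.example":
        '<html><head><meta name="ajs-version-number" content="7.13.60"></head></html>',
    "https://legacy-wiki.example":
        '<html><head><meta name="ajs-version-number" content="6.2.1"></head></html>',
    "https://intranet.example":
        '<html><head><title>Not Confluence</title></head></html>',
}


def parse_version(text: str) -> Version:
    """Turn '7.4.10' into (7, 4, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def extract_version(html: str) -> Optional[str]:
    """Pull the version string out of a landing page, or None if absent."""
    match = VERSION_META.search(html)
    return match.group(1) if match else None


def assess(version: str, fixed_versions: List[str]) -> str:
    """Compare an installed version with the fixed release on the same
    major.minor line. Lines with no listed fix are flagged for manual review
    against the advisory rather than being assumed safe."""
    installed = parse_version(version)
    same_line = [
        parse_version(fixed) for fixed in fixed_versions
        if parse_version(fixed)[:2] == installed[:2]
    ]
    if not same_line:
        return "check-advisory"
    return "patched" if installed >= min(same_line) else "vulnerable"


def inventory(responses: Dict[str, str], fixed_versions: List[str]) -> Dict[str, str]:
    """Map each URL to 'version:status', or 'no-version-found' when the page
    does not look like Confluence."""
    result: Dict[str, str] = {}
    for url, html in responses.items():
        version = extract_version(html)
        if version is None:
            result[url] = "no-version-found"
        else:
            result[url] = f"{version}:{assess(version, fixed_versions)}"
    return result


def fetch_landing_page(url: str, timeout: float = 5.0) -> str:
    """Retrieve a landing page from a host you administer; not called in the
    offline sample run below."""
    with urllib.request.urlopen(url, timeout=timeout) as response:
        return response.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    for url, status in inventory(SAMPLE_RESPONSES, FIXED_VERSIONS_PLACEHOLDER).items():
        print(f"{url}: {status}")
```

In practice the URL list comes from the organisation's asset register and external attack-surface inventory, with internet-facing hosts checked first, as the advisory recommends; the "check-advisory" status is deliberately conservative so that version lines the placeholder list does not cover are not silently treated as patched.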

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).
