Atlassian’s Confluence hit with critical remote code execution bugs

Fix includes updating to the latest version

The vulnerability affects versions 5.2, 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.8.0, 8.7.1, 8.9.0 of Confluence Data Center as well as Atlassian Server. Fixes for the flawed software are included in the versions 8.9.1, 8.5.9, and 7.19.22, patching all the affected versions.

“Atlassian recommends that Confluence Server customers upgrade to the latest version,” said Atlassian in the advisory. “If you are unable to do so, upgrade your instance to one of the specified supported fixed versions.”

Additionally, SonicWall has provided two Intrusion Prevention Signatures (IPS) signatures for customers to prepare against exploitation.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button