JP Vossen via plug on 4 Jun 2022 13:28:37 -0700
Re: [PLUG] Critical Confluence Vulnerability
On 6/2/22 19:18, Chris Thistlethwaite via plug wrote:
This is a fun one,

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Just shut down Confluence if you have it running.

-Chris

Yeah, that was a good one; 10 out of 10 for bad, "unauthenticated remote code execution" and there was no fix for a while, either unplug it from the internet or turn it off.

There are fixes now, and it turns out the flaw has been there for years:

https://www.bleepingcomputer.com/news/security/atlassian-fixes-confluence-zero-day-widely-exploited-in-attacks/

...

_The company has now released patches and advises all customers to upgrade their appliances to versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1, which contain a fix for this flaw._

...

Later,
JP

--
-------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug