The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Atlassian Releases Patch for Maximum Severity Widely Exploited Vulnerability in Confluence Server and Data Center

Atlassian has released a patch to fix a critical zero-day vulnerability that affects all supported versions of Confluence Server and Data Center. The vulnerability – tracked as CVE-2022-26134 – has a maximum CVSS severity score of 10 out of 10 and can be exploited remotely by unauthenticated attackers to achieve code execution. According to security researchers, exploiting the flaw is trivial, with no user interaction or privileges required.

Last week, cybersecurity firm Volexity detected exploitation of the vulnerability while responding to a security breach. The researchers were able to reproduce the exploit and shared details of the vulnerability with Atlassian last week. Volexity reports that in the incident its researchers investigated, the attackers were most likely based in China and exploited the vulnerability to run malicious code and install webshells such as BEHINDER and China Chopper. The attackers conducted reconnaissance, checked local Confluence databases and dumped user tables, altered web access logs to remove traces of exploitation, and wrote additional webshells.

On Friday, Volexity President, Steven Adair, said in a Tweet, “It is clear that multiple threat groups and individual actors have the exploit and have been using it in different ways. Some are quite sloppy and others are a bit more stealth. Loading class files into memory and writing JSP shells are the most popular we have seen so far.”

Over the weekend, proof-of-concept exploits were widely released and exploitation accelerated. On Thursday, GreyNoise CEO Andrew Morris said 23 IP addresses were attempting to exploit the flaw, and by Friday the number had grown to 211.

It is essential to apply the patch immediately on Confluence Server and Data Center instances to prevent exploitation. Atlassian says the following product versions are affected: 7.4.0, 7.13.0, 7.14.0, 7.15.0, 7.16.0, 7.15.1, 7.14.2, 7.17.0, 7.4.16, 7.18.0, 7.16.3, 7.13.6, and 7.17.3. Atlassian Cloud sites are unaffected.

Atlassian has fixed the vulnerability in versions: 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1. If it is not possible to patch immediately, it is essential to implement the mitigations suggested by Atlassian.
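To turn the fixed-version list above into a patch-level triage of an asset inventory, the following added example (not code from Atlassian or from this article) classifies each host by release line. It assumes that within a listed release line any patch number below the fixed one lacks the fix; the hostnames and the inventory are constructed, and release lines the article does not list are flagged for manual review rather than guessed.

```python
import re

# Fixed releases listed in the article, keyed by (major, minor) release line;
# the value is the first patch number in that line that contains the fix.
FIXED = {(7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
         (7, 16): 4, (7, 17): 4, (7, 18): 1}

_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


def classify(version):
    """Classify one Confluence Server / Data Center version string."""
    match = _VERSION.match(version)
    if not match:
        return "unparseable"        # e.g. "latest" or an empty field
    major, minor, patch = (int(part) for part in match.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted-line"      # article names no fixed release for this line
    # Assumption: lower patch numbers in the same line are all unpatched.
    return "patched" if patch >= fixed_patch else "needs-patch"


def triage(inventory):
    """Group hostnames by status so unpatched hosts can be handled first."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are illustrative only).
INVENTORY = {
    "wiki-prod.example.internal": "7.13.6",
    "wiki-dr.example.internal": "7.13.7",
    "kb-eng.example.internal": "7.18.0",
    "kb-legacy.example.internal": "7.12.5",
    "wiki-lab.example.internal": "latest",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unlisted-line` or `unparseable` need a manual check against Atlassian's advisory and, where patching is delayed, the mitigations it suggests.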

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
