Security breach in old version of Jira and Confluence

LoïcL
January 24, 2019

Hello,

I have old versions of Jira (7.3.6) and Confluence (6.1.3) installed on a Windows 2012 R2 server. The maintenance licence expired a long time ago (May 2017).

The server has been attacked and encrypted by ransomware.

I asked a security expert to tell me where the security breach is. After studying all the elements I have, he suspected Jira or Confluence to be the gateway because they are out-of-date versions and they run under a system account.

He can't be sure because all the files on the server are encrypted (including the Jira and Confluence logs).

Atlassian customer service sent me a website, CVE Details (https://www.cvedetails.com/vulnerability-list/vendor_id-3578/product_id-8170/version_id-236329/Atlassian-Jira-7.3.6.html and https://www.cvedetails.com/vulnerability-list/vendor_id-3578/product_id-6258/version_id-216577/Atlassian-Confluence-6.1.3.html), that shows known vulnerabilities for my versions of Jira and Confluence.

I'm trying to find out if one of these vulnerabilities is the most likely cause of my problem.

Is there someone who can help me understand the bottom line?

Regards.

1 answer

1 accepted

3 votes
Answer accepted
Nic Brough -Adaptavist-
January 24, 2019

Neither of them lists a vulnerability that would allow remote execution of packages that could contain ransomware. I'm afraid it got there via some other route.

Deleted user
April 17, 2019

While neither of those patches had anything to do with code execution, this one that just came out did: https://confluence.atlassian.com/doc/confluence-security-advisory-2019-04-17-968660855.html

Unfortunately it looks like the infection may have indeed come through Confluence. Hope you had everything backed up at least.
