we're faced a vulnerability
after upgrade to 7.13.7 (according to documentation https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html) still asks to enter the license key, after entering license and database endpoint see
"Confluence data already exists in the selected database. You can either overwrite the existing data or go back to the database selection page:"
its meant data loss? how to fix?
looks like the section What You Need to Do is not complete (https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html)
first need to check your home directory, files, etc before update or "mitigate"
Because you are on a server instance, please verify that your new version is linked to the the correct DB before starting it.
Take a look to the following article https://confluence.atlassian.com/doc/configuring-a-datasource-connection-937166084.html
> Because you are on a server instance, please verify that your new version is linked to the the correct DB before starting it.
database correct, use the same parameters as before the vulnerability
’ll clarify again - we encountered a vulnerability, after which the confluence was opened on the license page (before that everything was configured correctly)
according to the documentation https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html, the solution is upgrade to version 7.13.7
after the upgrade the behavior is the same
found files named as '__$$RECOVERY_README$$__.html' in home directory
with part of content like
<p>Can't you find the necessary files?<br>Is the content of your files not readable?</p>
<p>It is normal because the files' names and the data in your files have been encrypted by "Cerber Ransomware".</p>
<p>It means your files are NOT damaged! Your files are modified only. This modification is reversible.<br>From now it is not possible to use your files until they will be decrypted.</p>
<p>The only way to decrypt your files safely is to buy the special decryption software "Cerber Decryptor".</p>
<p>Any attempts to restore your files with the third-party software will be fatal for your files!</p>
<p>We have also downloaded a lot of private data from your network.<br>If you do not contact us in a 30 days, we will post information about your private data on public news webs.</p>
<p class="w331208">You can proceed with purchasing of the decryption software at your personal page:</p>
<p><span class="info"><a id="megaurl" class="url" href="[link redacted]</a></span></p>
<p>At this page you will receive the complete instructions how to buy the decryption software for restoring all your files.</p>
are u sure about vulnerability doesn't imply data loss. ?
I'm sorry but your server has been attacked by some ransomware virus (https://community.atlassian.com/t5/Confluence-questions/We-re-hit-by-Cerber-ransomware-help-needed/qaq-p/1909853)
This is not a Confluence issue.
any feedback about this?
maybe it's worth to adding information to https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html, vulnerability potentially lead to hacked / ransomewared and need to check confluence before trying to upgrade to versions with fix (sometimes for money, cause not everyone has a paid subscription) or reproduce steps from mitigation section (which is not entirely possible in the case of a docker image)?
Feeling overwhelmed by the demands of work and life? With a 25% increase in the prevalence of anxiety and depression worldwide during the pandemic, for most of us, it’s a resounding yes . 🙋♀️ ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events