Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Confluence
Questions
Confluence Security Advisory 2022-06-02

Confluence Security Advisory 2022-06-02

Today we received a notification regarding Conference Security I want to know what we need to do regarding this Security issue because we are using Confluence cloud services which are managed by Jira.

we don’t have our own hosted services of confluence. So please guide me regarding this email.

1 answer

1 accepted

2 votes

Answer accepted

Hi @Muhammad Nafees and welcome to the community!

The official announcement states that Confluence cloud is NOT affected by this vulnerability. So you don't have to do anything.

Atlassian Cloud sites are protected

If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable. Our investigations have not found any evidence of exploitation of Atlassian Cloud.

Hope that helps!
Alex

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

thanks @Alex Koxaras _Relational_ for your quick response :)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Alex Koxaras _Relational_ likes this

No worries!
Kindly mark my answer as accepted, to help others.

Cheers!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Hi @Alex Koxaras _Relational_ My org is on server version. Our Atalssian products are on a VPN, and authentication is required to reach the product. I did not see any mention of VPN hosted products being excluded from this vulnerability, so my assumption is that we are at risk. I just want to confirm that my statement is accurate. If VPN authentication is required to access our product, and none of our stack is front facing or exposed to the internet, would our system still be considered to be in a “critical” state?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Hi @Shawn McAtee ,

Unfortunately I am not eligible to answer this question with an official answer. I'm not part of the Atlassian team, but I am working with a solution partner. With our customers we left no exception. We notified everyone, those whose instance was exposed, but also behind a firewall or a vpn. If you were a client of mine, I would suggest that you also take actions against this. Keep in mind that Atlassian stated that most likely by the end of the day (PDT) they will have provide a fix.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • like this

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

CLOUD

PRODUCT PLAN

STANDARD

TAGS