Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,294,100
Community Members
 
Community Events
165
Community Groups

Confluence Security Advisory 2022-06-02

Muhammad_Nafees
Muhammad_Nafees Jun 03, 2022

Today we received a notification regarding Conference Security I want to know what we need to do regarding this Security issue because we are using Confluence cloud services which are managed by Jira.

we don’t have our own hosted services of confluence. So please guide me regarding this email.

Answer
Watch
Like Be the first to like this
391 views

1 answer

1 accepted

2 votes
Answer accepted
Alex Koxaras
Alex Koxaras Community Leader Jun 03, 2022

Hi @Muhammad_Nafees and welcome to the community!

The official announcement states that Confluence cloud is NOT affected by this vulnerability. So you don't have to do anything.

Atlassian Cloud sites are protected

If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable. Our investigations have not found any evidence of exploitation of Atlassian Cloud.

 

Hope that helps!
Alex

View More Comments
Muhammad_Nafees
Muhammad_Nafees Jun 03, 2022 • edited

thanks @Alex Koxaras for your quick response :)

Like Alex Koxaras likes this
Alex Koxaras
Alex Koxaras Community Leader Jun 03, 2022

No worries!
Kindly mark my answer as accepted, to help others.

Cheers!

Like
Shawn McAtee
Shawn McAtee I'm New Here Jun 03, 2022 • edited

Hi @Alex Koxaras My org is on server version. Our Atalssian products are on a VPN, and authentication is required to reach the product. I did not see any mention of VPN hosted products being excluded from this vulnerability, so my assumption is that we are at risk. I just want to confirm that my statement is accurate. If VPN authentication is required to access our product, and none of our stack is front facing or exposed to the internet, would our system still be considered to be in a “critical” state?

Like
Alex Koxaras
Alex Koxaras Community Leader Jun 03, 2022

Hi @Shawn McAtee ,

Unfortunately I am not eligible to answer this question with an official answer. I'm not part of the Atlassian team, but I am working with a solution partner. With our customers we left no exception. We notified everyone, those whose instance was exposed, but also behind a firewall or a vpn. If you were a client of mine, I would suggest that you also take actions against this. Keep in mind that Atlassian stated that most likely by the end of the day (PDT) they will have provide a fix.

Like # people like this
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
Community showcase
Meg Bailey
Meg Bailey
Published in Confluence

Confluence: Where work and wellness meet

Feeling overwhelmed by the demands of work and life? With a 25% increase in the prevalence of anxiety and depression worldwide during the pandemic, for most of us, it’s a resounding yes . 🙋‍♀️ ...

773 views 5 21
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you