Today we received a notification regarding Conference Security I want to know what we need to do regarding this Security issue because we are using Confluence cloud services which are managed by Jira.
we don’t have our own hosted services of confluence. So please guide me regarding this email.
Hi @Muhammad Nafees and welcome to the community!
The official announcement states that Confluence cloud is NOT affected by this vulnerability. So you don't have to do anything.
Atlassian Cloud sites are protected
If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable. Our investigations have not found any evidence of exploitation of Atlassian Cloud.
Hope that helps!
Alex
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No worries!
Kindly mark my answer as accepted, to help others.
Cheers!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Alex Koxaras _Relational_ My org is on server version. Our Atalssian products are on a VPN, and authentication is required to reach the product. I did not see any mention of VPN hosted products being excluded from this vulnerability, so my assumption is that we are at risk. I just want to confirm that my statement is accurate. If VPN authentication is required to access our product, and none of our stack is front facing or exposed to the internet, would our system still be considered to be in a “critical” state?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Shawn McAtee ,
Unfortunately I am not eligible to answer this question with an official answer. I'm not part of the Atlassian team, but I am working with a solution partner. With our customers we left no exception. We notified everyone, those whose instance was exposed, but also behind a firewall or a vpn. If you were a client of mine, I would suggest that you also take actions against this. Keep in mind that Atlassian stated that most likely by the end of the day (PDT) they will have provide a fix.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.