Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,294,100
Community Members
 
Community Events
165
Community Groups

Confluence Security Advisory 2022-06-02

Today we received a notification regarding Conference Security I want to know what we need to do regarding this Security issue because we are using Confluence cloud services which are managed by Jira.

we don’t have our own hosted services of confluence. So please guide me regarding this email.

1 answer

1 accepted

2 votes
Answer accepted
Alex Koxaras Community Leader Jun 03, 2022

Hi @Muhammad_Nafees and welcome to the community!

The official announcement states that Confluence cloud is NOT affected by this vulnerability. So you don't have to do anything.

Atlassian Cloud sites are protected

If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable. Our investigations have not found any evidence of exploitation of Atlassian Cloud.

 

Hope that helps!
Alex

thanks @Alex Koxaras for your quick response :)

Like Alex Koxaras likes this
Alex Koxaras Community Leader Jun 03, 2022

No worries!
Kindly mark my answer as accepted, to help others.

Cheers!

Hi @Alex Koxaras My org is on server version. Our Atalssian products are on a VPN, and authentication is required to reach the product. I did not see any mention of VPN hosted products being excluded from this vulnerability, so my assumption is that we are at risk. I just want to confirm that my statement is accurate. If VPN authentication is required to access our product, and none of our stack is front facing or exposed to the internet, would our system still be considered to be in a “critical” state?

Alex Koxaras Community Leader Jun 03, 2022

Hi @Shawn McAtee ,

Unfortunately I am not eligible to answer this question with an official answer. I'm not part of the Atlassian team, but I am working with a solution partner. With our customers we left no exception. We notified everyone, those whose instance was exposed, but also behind a firewall or a vpn. If you were a client of mine, I would suggest that you also take actions against this. Keep in mind that Atlassian stated that most likely by the end of the day (PDT) they will have provide a fix.

Like # people like this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
Community showcase
Published in Confluence

Confluence: Where work and wellness meet

Feeling overwhelmed by the demands of work and life? With a 25% increase in the prevalence of anxiety and depression worldwide during the pandemic, for most of us, it’s a resounding yes . 🙋‍♀️ ...

773 views 5 21
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you