
Security pentest scan on our Confluence environment - see attached screenshot

Dirk_van_Gelderen April 10, 2020

Within our company we make use of the IT security company CyberSprint. They have a web portal which monitors our digital footprint 24x7. They've found a vulnerability on our Confluence environment - https://knowledgebase.deheus.com/

See attached screenshot with the result.

What do I have to do to mitigate this found vulnerability?

Could you support me in this?

Many thanks

1.jpg

1 answer

0 votes
Brant Schroeder
Community Leader
April 10, 2020

All that error is telling you to do is harden your system. Depending on what information you have, there are many different ways to do this.

Here are Atlassian's recommendations on security best practices: https://confluence.atlassian.com/doc/best-practices-for-configuring-confluence-security-216433533.html

If you have very sensitive data in Confluence you can do things like: lock down the application so it can only be accessed through your intranet / VPN, implement multi-factor authentication, encrypt the DB, etc.

You should work with your security team to determine the best course of action to safeguard your information.

DEPLOYMENT TYPE
SERVER