Take immediate action to protect your instance
We have discovered that Confluence Data Center and Server customers on out-of-date versions including 8.4.5 are vulnerable to a remote code execution (RCE) attack if exploited by an unauthenticated attacker. This vulnerability carries a CVSS score of 10, the highest critical rating, and you must take immediate action to protect your instance. Please review the Critical Security Advisory to verify affected versions and instructions.
NOTE: We urge ALL Confluence Data Center and Server customers to also review Atlassian’s January Security Bulletin and take timely action to protect your instances from those non-critical vulnerabilities. You can register for Security Bulletin alerts in the Tech Alerts section of the your email preferences.
Atlassian found these vulnerabilities during our continuous security assessments. Customer security is our top priority, and we believe that acting proactively is the best approach to protecting your data.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
If you have questions, please raise a support request via the instructions included in the advisory.
Emir Mutlu
0 comments