CVE-2022-26134

skhristy June 6, 2022

Hello

We faced a vulnerability.

After upgrading to 7.13.7 (according to the documentation https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html) it still asks to enter the license key; after entering the license and database endpoint we see

"Confluence data already exists in the selected database. You can either overwrite the existing data or go back to the database selection page:"

Does this mean data loss? How do we fix it?


3 answers

0 votes
skhristy June 6, 2022

Looks like the section "What You Need to Do" is not complete (https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html).

First you need to check your home directory, files, etc. before updating or "mitigating".

0 votes
David Yu
Rising Star
June 6, 2022

Looks like you got hacked and ransomwared. Sorry.

Best bet is to hire a security specialist at this point. Second best option is to wipe the whole system, and restore from backups.

skhristy June 7, 2022

Already restored from backup.

Looks like it needs to be added to the "what to do" section in https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

0 votes
Fabio Racobaldo _Herzum_
Community Champion
June 6, 2022

Hi @skhristy ,

Welcome to the Atlassian community!

Are you sure that you linked the new installation folder to a copy of the home folder of the previous version?

Fabio

skhristy June 6, 2022

> Are you sure that you linked the new installation folder to a copy of the home folder of the previous version?

I don't understand, can you elaborate please?

skhristy June 6, 2022

On 7.13.0 (the previous version) the behavior is the same (after the vulnerability).

Fabio Racobaldo _Herzum_
Community Champion
June 6, 2022

Because you are on a server instance, please verify that your new version is linked to the correct DB before starting it.

Take a look at the following article: https://confluence.atlassian.com/doc/configuring-a-datasource-connection-937166084.html

skhristy June 6, 2022

> Because you are on a server instance, please verify that your new version is linked to the correct DB before starting it.

The database is correct; we use the same parameters as before the vulnerability.

I'll clarify again: we encountered a vulnerability, after which Confluence opened on the license page (before that everything was configured correctly).

According to the documentation https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html, the solution is to upgrade to version 7.13.7.

After the upgrade the behavior is the same.

skhristy June 6, 2022

And some more information: we use Confluence in Docker.

This means that we can't change files in the /opt/atlassian/confluence/confluence/* directory (see Mitigation) because they are in the Docker image.

skhristy June 6, 2022

@Fabio Racobaldo _Herzum_ what should we do if the database configuration is correct?

skhristy June 6, 2022

Does the CVE-2022-26134 vulnerability imply possible data leak/loss?

Fabio Racobaldo _Herzum_
Community Champion
June 6, 2022

My opinion is that there's something missing in the DB configuration. The vulnerability doesn't imply data loss. I just upgraded two different Confluence instances without issues.

skhristy June 6, 2022

Found files named '__$$RECOVERY_README$$__.html' in the home directory

with part of the content like:

<p>Can't you find the necessary files?<br>Is the content of your files not readable?</p>
<p>It is normal because the files' names and the data in your files have been encrypted by "Cer&#98;er&nbsp;Rans&#111;mware".</p>
<p>It means your files are NOT damaged! Your files are modified only. This modification is reversible.<br>From now it is not possible to use your files until they will be decrypted.</p>

<p>The only way to decrypt your files safely is to buy the special decryption software "Cer&#98;er&nbsp;Decryptor".</p>

<p>Any attempts to restore your files with the third-party software will be fatal for your files!</p>
<p>We have also downloaded a lot of private data from your network.<br>If you do not contact us in a 30 days, we will post information about your private data on public news webs.</p>
<hr>
<p class="w331208">You can proceed with purchasing of the decryption software at your personal page:</p>
<p><span class="info"><a id="megaurl" class="url" href="[link redacted]</a></span></p>
<p>At this page you will receive the complete instructions how to buy the decryption software for restoring all your files.</p>

Are you sure that the vulnerability doesn't imply data loss?

skhristy June 6, 2022

All files in the home directory are prefixed with ".locked" (e.g. index.locked), which means they are encrypted.

It seems that the vulnerability does imply data loss.

@Fabio Racobaldo _Herzum_ if you're interested, I can attach files from the home directory.

Fabio Racobaldo _Herzum_
Community Champion
June 6, 2022

Please could you share a screenshot of your home folder files?

skhristy June 7, 2022

[attached screenshots: shared-home.png, home.png, __$$RECOVERY_README$$__.html.png]

Fabio Racobaldo _Herzum_
Community Champion
June 7, 2022

I'm sorry, but your server has been attacked by some ransomware virus (https://community.atlassian.com/t5/Confluence-questions/We-re-hit-by-Cerber-ransomware-help-needed/qaq-p/1909853).

This is not a Confluence issue.

skhristy June 7, 2022

And the fact that it happened at the moment of the vulnerability is just a coincidence?

skhristy June 7, 2022

It seems to me that the vulnerability implies that anything can happen with Confluence.

Fabio Racobaldo _Herzum_
Community Champion
June 7, 2022

I don't know if it is a coincidence or not

skhristy June 7, 2022

The question was rhetorical )

At the moment of the vulnerability Confluence was hacked; obviously not a coincidence.

skhristy June 7, 2022

Any feedback about this?

Maybe it's worth adding information to https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html that the vulnerability can potentially lead to being hacked / ransomwared, and that you need to check Confluence before trying to upgrade to versions with the fix (sometimes for money, because not everyone has a paid subscription) or reproduce the steps from the mitigation section (which is not entirely possible in the case of a Docker image)?
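As an added, defender-side example (not code from the thread, from skhristy, or from Atlassian), here is a small Python check that does what the last post asks the "what to do" section to include: scan the Confluence home and shared-home directories for the two indicators described earlier in the thread, files renamed with a `.locked` suffix and dropped `__$$RECOVERY_README$$__.html` notes, before attempting an upgrade. The sample tree it builds when run without an argument is constructed for illustration; its file layout is assumed, only the two indicator names come from the thread.

```python
"""Pre-upgrade check of a Confluence home directory for the ransomware
indicators reported in the thread ('.locked' files, recovery-readme notes).
Pass the real home/shared-home path as an argument; with no argument it
runs against a constructed sample tree."""
import os
import sys
import tempfile
from pathlib import Path

RANSOM_NOTE = "__$$RECOVERY_README$$__.html"  # note name quoted in the thread
LOCKED_SUFFIX = ".locked"                     # suffix quoted in the thread


def scan_home(home: str, max_examples: int = 5) -> dict:
    """Walk the tree and return indicator counts plus a verdict."""
    locked, notes = [], []
    for root, _dirs, files in os.walk(home):
        for name in files:
            path = os.path.join(root, name)
            if name == RANSOM_NOTE:
                notes.append(path)
            elif name.endswith(LOCKED_SUFFIX):
                locked.append(path)
    return {
        "locked_count": len(locked),
        "ransom_notes": sorted(notes),
        "locked_examples": sorted(locked)[:max_examples],
        "compromised": bool(locked or notes),
    }


def build_sample_home() -> str:
    """Constructed sample tree (not real data, layout assumed) mimicking
    the reported symptoms: index/attachment files renamed, note dropped."""
    home = tempfile.mkdtemp(prefix="confluence-home-")
    for rel in ("confluence.cfg.xml.locked", "index/index.locked",
                "attachments/ver003/1.locked", "logs/atlassian-confluence.log"):
        p = Path(home, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("sample\n")
    Path(home, RANSOM_NOTE).write_text("<p>constructed ransom note</p>\n")
    return home


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_home()
    report = scan_home(target)
    print(f"{target}: {report}")
    sys.exit(1 if report["compromised"] else 0)  # non-zero exit gates an upgrade
```

For a Docker deployment, run it against the bind-mounted home volume on the host; a non-zero exit means restore from a clean backup rather than upgrade in place.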
