Atlassian Confluence CVE-2021-26084 Exploited
When I read this post, I thought it was about the vulnerability of Atlassian Confluence and the fact that it was exploited on a Linux system. But no, this post was about a security issue in JIRA (and that too has been exploited). While that is an interesting part of this post, I really don’t care that much about JIRA. The other post, that I don’t read much, is about the Java exploitation, but even that is not interesting enough for me to go deep into. In any case, back to this post, I will summarize the security issue.
To begin with, I am not a big fan of JIRA. It was originally an open source project (written in Java), and its developers have been making the project more and easier to adopt. This means that it has been made more open by making it easier to adopt. Even JIRA itself has been made open and free. This means the vulnerability that is found with JIRA was not due to some security hole or bug in JIRA itself, but a vulnerability in JIRA itself.
The other reason why I dislike JIRA is that I do not like the project very much. It has been made open to many people and the bugs that were found with it have been reported to many people and not to JIRA itself. This was made even worse for me, because JIRA is a good tool for collaboration, and for me, collaboration in the open source world means talking to other people, not reporting on your own bugs in the software.
I do not want to see JIRA become more open, because that would mean I have to use some external online collaboration tool. I do not want to have open tickets on the online JIRA ticketing forum, but I also do not want to use another tool that is supposed to solve all these issues, because there are always new and interesting issues that come up.
This is why I do not like using JIRA at all.
US Cybercom warns that Atlassian Confluence CVE-2021-26084 is actively exploited.
CVE-2021-26084 is an active vulnerability in Atlassian Confluence. The full text of this security bulletin and additional information about the vulnerability are available in the Security Bulletin for Confluence, a freely available resource. The complete release notes are available in the Security Bulletin for Confluence R1, R2, and R3.
The vulnerability is referred to as CVE-2021 in the bulletin, not the CVE-2021c, because it only affects Confluence.
CVE-2021 has been exploited in two ways, both of which should be mitigated.
The first is by the default Confluence vulnerability checkbox in the configuration page, which is checked by default if you are running Confluence Enterprise. This checkbox must be turned off when you are not running Confluence or when you are running a custom version of Confluence Enterprise. This is because it is the default option, and because it should be possible to set it to “off” so that only the security risk on the Confluence server is checked.
The security bulletin describes (in the section on the Confluence server) how to disable the default checkbox in the configuration page.
The second way that this vulnerability may be exploited is by the configuration page. When an affected server is created, the configuration page might be configured with the “Server Security Settings” field set to its default, “Off”. In this case, the user will not be able to enter or submit security-sensitive information on the Confluence server.
The security bulletin describes a way to force the server checkbox to be checked in a configuration.
Bad packets: detection of remote code execution on Atlassian Confluence servers
An analysis of RCE vulnerability in Atlassian Confluence
Abstract: Risk-aware control systems are the key enablers in securing the applications and systems that make up the Internet of Things (IoT). However, the problem of the RCE vulnerability in Confluence is only now being understood and reported. This vulnerability could make the systems that depend on Confluence, particularly the ones that interact with Confluence, vulnerable to RCE attacks. In this paper, we attempt to summarize the security concerns of RCE vulnerabilities in Confluence. We also assess the security of Confluence to make informed security decisions. Finally, we suggest some recommendations for minimizing the risk of RCE attack.
While we cannot make any judgment about whether the Confluence platform and the Confluence API are inherently insecure, it is possible that the platform and the API could be exploited by other parties to create vulnerabilities. If so, the infrastructure, even as it exists today, could become vulnerable, and could be vulnerable for a period of (potentially) extended time. The Confluence platform was built using open-source and freely available components.
Tips of the Day in Network Security
With network security in the headlines every single day, there seems to be a steady stream of articles on the topic. These articles tend to focus on the most recent exploits, the most recent attacks and the latest headlines from the industry, to the detriment of looking at the past and present and the status of the network as a whole.
I will try to be as objective as I can, but also keep an eye on trends within the industry and a bit of light on what is working on the network.
A lot of the information comes from the industry itself; there’s some information on hackers (what they do and what they do with their resources) and on the hacking scene in general.
There’s some useful information about the security of the network’s infrastructure, with some tips for network administrators and some general security tips.
So, take the information that is out there, then ask yourself.
How many out there.