The US Cyber Command issued a warning that the Atlassian Corp. PLC’s Confluence software is being exploited on a large scale and that users should patch their installations immediately.
The vulnerability, formally named CVE-2021-26084, was revealed by Atlassian on Aug. 25 and was described as allowing an authenticated user to execute arbitrary code on a Confluence Server or data centre instance. It also said that Confluence Cloud customers are not affected.
The issue affects all versions of Confluence starting at 4.xx through most versions of 6.x.x and 7.x.x.
Customers that have upgraded to versions 6.13.23, 7.11.6, 7.12.5, 7.13.0, or 7.4.11 are not affected.