Recently Disclosed Atlassian Confluence Flaw Is Actively Exploited By Attackers To Install Cryptominers

Recently disclosed Atlassian Confluence remote code execution vulnerability is currently being actively exploited by hackers to install cryptominers. Atlassian Confluence is a popular web-based corporate team workspace that allows employees to collaborate on projects. According to Atlassian's recent advisory, "an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance." Atlassian has released patches fixing the flaw and has recommended users upgrade to the Long Term Support release. Read more...