In Part 2 of this blog, we are continuing the story by showing the hacker could easily give themselves persistent access to the server. The enterprise might have patched or upgraded the Confluence Server to a non-vulnerable version, but is it too late? Will the hacker still have server access? What about access to the rest of the network?
Confluenza and the Network Attack Surface, Part 1
Many organizations still have vulnerable Confluence Servers exposed to the public internet! This might make sense when using Confluence to collaborate with external users, partners, or customers. In many cases the protection is a firewall, a WAF, and strong authentication.
Confluenza: What is CVE-2021-26084 and why should you care
A remote code execution vulnerability of Atlassian Confluence was published and given the identifier CVE-2021-26084. The clever name Confluenza was later given to it. It affected virtually every version of Confluence that’s not hosted by Atlassian. A patch was made available that day, but we all know old versions die hard.