ShareShare on LinkedIn.Share on Facebook.Share on Twitter.Share via email.

Confluence Server and Data Center security advisory

June 3, 2022
<p>We want to alert you to a critical severity vulnerability in Confluence Data Center and Server.<br></p> <p>There is known exploitation of this vulnerability in Confluence Server version 7.18.0. Subsequent testing indicates that multiple versions of Confluence Server and Data Center, including version 7.4.0 and newer, are vulnerable.</p> <p>Atlassian is actively working on a patch for affected versions and will communicate further details about the vulnerability and updates on a patch in our security advisory <a rel="noreferrer noopener" href="https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html?utm_source=alert-email&amp;utm_medium=email&amp;utm_campaign=Confluence%20Server%20and%20Data%20Center-advisory-june-2022_EML-13318&amp;jobid=105601969&amp;subid=1529326420" data-type="URL" data-id="https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html?utm_source=alert-email&amp;utm_medium=email&amp;utm_campaign=Confluence%20Server%20and%20Data%20Center-advisory-june-2022_EML-13318&amp;jobid=105601969&amp;subid=1529326420" target="_blank">here</a>.<br></p> <p>There are currently no fixed versions of Confluence Server and Data Center available. In the interim, customers should work with their security team to consider the best course of action. Options to consider include:</p> <ul><li>Restricting Confluence Server and Data Center instances from the internet.</li><li>Disabling Confluence Server and Data Center instances.</li></ul> <figure class="wp-block-image size-full is-resized"><img src="https://wordpress.highwaythreesolutions.com/wp-content/uploads/2022/06/image-1-edited.png" alt="Note that Atlassian Cloud sites are protected. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable. Atlassian's investigators have not found any evidence of exploitation of Atlassian Cloud." class="wp-image-1638" width="818" srcset="https://wordpress.highwaythreesolutions.com/wp-content/uploads/2022/06/image-1-edited.png 766w, https://wordpress.highwaythreesolutions.com/wp-content/uploads/2022/06/image-1-edited-300x58.png 300w" sizes="(max-width: 766px) 100vw, 766px"></figure> <p>The <a rel="noreferrer noopener" href="https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html?utm_source=alert-email&amp;utm_medium=email&amp;utm_campaign=Confluence%20Server%20and%20Data%20Center-advisory-june-2022_EML-13318&amp;jobid=105601969&amp;subid=1529326420" data-type="URL" data-id="https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html?utm_source=alert-email&amp;utm_medium=email&amp;utm_campaign=Confluence%20Server%20and%20Data%20Center-advisory-june-2022_EML-13318&amp;jobid=105601969&amp;subid=1529326420" target="_blank">advisory</a> will be updated as additional details become available. If you have any questions or concerns regarding this advisory, please raise a support request with us. </p> <h3-contact-form data-subject="" class="wp-block-h3-block-h3-contact-form h3-contact-form"></h3-contact-form>