This post was first published on 4 June 2022
Following the CISA alert about a vulnerability and active exploits, Atlassian has released new versions of its collaboration software, Confluence Server and Confluence Data Center.
Update 8 June 2022
If you have not yet updated, be aware that exploits are being recorded in the wild:
Atlassian Confluence Exploits Seen By Our Honeypots (CVE-2022-26134) – SANS Internet Storm Centre
My advice: either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers, etc., so that when cyber security (or operational) issues arise, you and your support teams can quickly check whether you are affected. From there you can take fast, effective action.
Further Reading
Critical Atlassian 0-day is under active exploit. You’re patched, right? | Ars Technica
Atlassian: Unpatched critical Confluence flaw under attack • The Register