Volexity security researchers recently reported a zero-day vulnerability affecting Atlassian Confluence Server and Data Center that is currently being exploited in the wild. Volexity researchers issued the report after responding to incidents over the US Memorial Day weekend. Atlassian confirmed these reports and issued a security advisory stating that the vulnerability is currently unpatched and affects all currently supported versions of the Confluence Server and Confluence Data Center products. Atlassian has said that its cloud-based products are not known to be vulnerable at this time, and it is tentatively scheduling a patch release for end of day on June 3rd.
Organizations with external-facing Atlassian Confluence products should move to mitigate the risks as appropriate to their risk assessment framework. Since no workaround is currently available, removing Internet accessibility from on-premises Confluence products or simply deactivating these products are the only known solutions at this time.
Due to the complexity of modern computing systems, zero-day exploitation in the wild is increasingly likely in any configuration and deployment. A defense-in-depth strategy with robust post-exploitation capabilities, such as the MDR and Threat Hunting services offered by Binary Defense, is necessary to properly secure IT assets in the modern threat environment.