According to Volexity, a webshell was discovered in Atlassian Confluence server during an incident response investigation. Volexity determined that it was a zero-day vulnerability that could execute remote code even after the latest patch was completed and reported the issue to Atlassian. After receiving the issue report and identifying it as a zero-day, Atlassian issued a security advisory for the critical unauthenticated remote code execution. Timeline (based on PDT) May 31: Volexity found zero-day vulnerability … More
The post Criminal IP analysis report on zero-day vulnerability in Atlassian Confluence appeared first on Help Net Security.