
Atlassian Confluence

Product
Developers: Atlassian
Last Release Date: August 2013
Branches: Internet services
Technology: KMS - Knowledge Management Systems, Corporate Portals


Confluence combines online document creation with tight integration with Microsoft Office to help people work together, share information and build knowledge. It is used as a portal, a knowledge management system and a documentation repository.

Atlassian Confluence is an enterprise content management application designed for storing and sharing information within a company or group of companies. It can be used to build public knowledge bases, external and internal reference and information portals, documentation resources, blogs and web publications (including published reports), and knowledge management and business process documentation.

It is a universal platform whose feature set goes well beyond that of typical products in this class and lets the solution be used to organize a company's electronic document management. The application was created by the Australian company Atlassian Software Systems.

2024: Another critical vulnerability found in the popular Confluence platform allows the server to be hijacked without authentication

In mid-January 2024 FSTEC warned[1] of the discovery of another dangerous vulnerability, BDU:2024-00325, in the Atlassian Confluence Server web server and Confluence Data Center, which allows an unauthenticated user to remotely execute foreign code and thereby take control of the server. The vulnerability also received the highest CVSS severity score, 10 out of 10.

Atlassian Confluence Server and Data Center are web-based data collaboration platforms designed for enterprise needs.

The vulnerability allows an unauthenticated attacker acting remotely to execute arbitrary code in the context of the server by submitting a specially crafted template containing malicious code, without going through any authentication procedure. The flaw is present in Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x and 8.5.0-8.5.3, but not in 7.19.x LTS.

Atlassian itself recommends upgrading to versions 8.5.4 or 8.5.5 (Confluence Data Center and Server), or 8.6.0, 8.7.1 or 8.7.2 (Confluence Data Center), in which the problem has already been resolved[2].

At the same time, exploitation attempts and the first exploits for the vulnerability have already been recorded. So far, however, the only published information is the successful exploitation of the vulnerability by the Positive Technologies Offensive Team (PT SWARM) research group, and statements by the AttackerKB project that hackers have begun exploiting it.

A detailed analysis of the vulnerability was published[3] on January 22 by two researchers from ProjectDiscovery Research, Rahul Maini and Harsh Jaiswal, who also built a test exploit to check a specific Confluence installation for the vulnerability.

Example of testing a local computer with a proposed exploit (provided by ProjectDiscovery Research)

The obvious recommendation for eliminating the danger is to move to the latest fixed product versions, but that is not available to everyone. In that case, FSTEC's advice can be followed:

  • restrict access to the software from public networks (the Internet);
  • use virtual private networks (VPN) for remote access;
  • use firewalls to limit the possibility of remote access;
  • use intrusion detection and prevention tools to track attempts to exploit the vulnerability;
  • use antivirus software to detect exploits for the vulnerability.


2023: A dangerous vulnerability in Confluence is being exploited by ransomware. FSTEC recommends protective measures

FSTEC warns of a new dangerous vulnerability in the Atlassian Confluence Server web server and Confluence Data Center. The vulnerability, registered as BDU:2023-07453 (CVE-2023-22518), stems from shortcomings in the authorization procedure. Exploiting it could allow a remote attacker to elevate their privileges. Its CVSS severity score is 9.1 out of 10.

Atlassian Confluence was widely used by Russian companies a few years ago, but these systems are now left without vendor support, since Atlassian has stopped operating in Russia. At the same time, the company's products remain in place and keep running. According to the Netlas.io service, the number of servers in Russia vulnerable to this issue is 1242, which is a considerable attack surface. Only Germany (3112) and the USA (2500) have more such servers.

Atlassian Confluence Country Specific Vulnerable Server Map

Companies that monitor malicious activity on the Internet have detected exploits aimed at the new vulnerability. In particular, [1] a whole section dedicated to it has appeared in GreyNoise reports, although the number of recorded attacks is not yet large. [2] Rapid7 has also published a report on the exploitation of this vulnerability on its blog. Moreover, ransomware operators, in particular the Cerber group (aka CerberImposter), are named as the first to use this vulnerability.

In this connection, FSTEC recommends installing updates from trusted sources (the vendor itself not being counted as one) or implementing compensating measures aimed mainly at isolating vulnerable servers from the Internet: making a backup copy of the software instance together with its settings and data; restricting access to the software from external networks (the Internet); and using virtual private networks (VPN) for remote access. According to Atlassian, the flaw has been fixed in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3 and 8.6.1. Temporary protection measures have also been published[3] on the vendor's website and can be applied if updates are not available.

How to replace Atlassian Confluence?

The only reliable analysis of knowledge management systems available in open sources, the CCGuru report compiled at the end of 2021, considers six main players in the market for this software.

KMS Lighthouse (an Israeli solution) and the Mass Group product must be excluded from this list right away, since by all indications the latter has already suspended its activities in the Russian Federation. Despite their possible advantages and market experience, these solutions cannot be recommended as an alternative to Confluence because of sanctions risks.

Thus, for all the wealth of choice, only three large Russian developments can serve as a worthy replacement for Atlassian products:

All three systems have objective pros and cons, but their in-depth analysis is beyond the scope of this article; company management is therefore advised to make its own decision, based on its needs and only after a thorough comparative analysis of the capabilities the systems offer.

Confluence 5.2

  • Search for recently viewed publications in one click;
  • Improved interface and fast filters;
  • More relevant results thanks to an improved search algorithm;
  • Improved performance - Search indexing uses 40% less disk space.

Confluence 4.3

  • When accessing the portal from a mobile device, a special mobile site with a convenient organization is displayed;
  • Added a system for creating and tracking everyday tasks, as well as assigning tasks to colleagues;
  • The template creation system has been redesigned, functionality has been added to create templates with any number of macros;
  • When creating data tables in the portal, you can color cells in different colors, sort them, and use basic calculation formulas.

Confluence 3.5

The product's functionality was substantially improved, and its interaction with Atlassian JIRA 4.3, the company's powerful development automation system, was also improved for the convenience of users. Key improvements in Confluence 3.5:

  • New button for quick publishing of pages by mail or blogs;
  • The ability to add JIRA queries from the editor;
  • Support for HTML5 browsers (Firefox 3.6, Firefox 4, Safari 5, IE 9), with drag-and-drop file upload;
  • Added the ability to track blogs in spaces;
  • The ability to embed video in pages using a Multimedia macro;
  • Support for nested security groups;
  • Track feedback on your new Portal inclusions.

Notes