Atlassian discovered a Critical-rated vulnerability in its Confluence Server that needs to be patched.
The Confluence Server Webwork OGNL injection vulnerability could allow an authenticated or unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
Atlassian's own Confluence Cloud was patched, but other hosted Confluence offerings might be vulnerable.
Source: https://www.theregister.com/2021/08/26/atlassian_critical_confluence_flaw/
TPRM report: https://scoringcyber.rankiteo.com/company/atlassian
"id": "atl0214622",
"linkid": "atlassian",
"type": "Vulnerability",
"date": "08/2021",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Software Development',
'name': 'Atlassian',
'type': 'Company'}],
'attack_vector': ['Webwork OGNL injection'],
'description': 'Atlassian discovered a vulnerability in its Confluence Server '
'which they need to patch to remedy a Critical-rated flaw. '
'Confluence Server Webwork OGNL injection vulnerability could '
'allow an authenticated user, or unauthenticated user, to '
'execute arbitrary code on a Confluence Server or Data Center '
"instance. However, Atlassian's own Confluence Cloud was "
'patched but other hosted Confluence offerings might be '
'vulnerable.',
'impact': {'systems_affected': ['Confluence Server', 'Data Center instance']},
'motivation': 'Arbitrary code execution',
'response': {'remediation_measures': ['Patching the vulnerability']},
'title': 'Confluence Server Webwork OGNL Injection Vulnerability',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'Confluence Server Webwork OGNL injection'}