Confluence is a web-based corporate wiki tool developed to facilitate collaboration between teams and to share knowledge efficiently. It was developed by Australian software company Atlassian in the Java programming language, and first published in 2004.
On 2-Jun-22, reports emerged that the platform had a flaw that enabled exploitation by ransomware attackers. The flaw is a remote code execution vulnerability associated with the Open Graph Navigation Language (OGNL) Java code in the platform. An attacker could inject commands into a packet of OGNL data, enabling them to execute commands they would otherwise not be able to run. In the worst case, those commands would include launching a web shell, giving the attacker total control over a server.
In particular, Microsoft researchers observed the flaw being exploited by hackers to deploy the Cerber 2021 ransomware package. Targeted machines were loaded not only with the ransomware package but also with a host of traditional malware, including cryptocurrency miners and lateral movement tools.
Atlassian has since issued an advisory describing a patch and guiding customers through the steps to address the issue.