Threat actors are leveraging public exploits to abuse a critical zero-day remote code execution vulnerability that affects all versions of a popular collaboration tool called Atlassian. Atlassian is used in cloud and hybrid server environments. The flaw reportedly allows for complete host takeover, making it a very serious threat. Researchers from Volexity were the first to discover the flaw over the Memorial Day weekend after detecting suspicious activity on internet-facing web servers. The servers allegedly belonged to a customer running the software, the company stated.
The vulnerability remains unpatched on many versions of the tool, and according to Volexity, it has the potential to create a disastrous scenario similar to that of the SolarWinds hacks. The researchers have identified activity linked to a public exploit for the vulnerability that has been spreading rapidly. Atlassian released a security advisory around the same time that Volexity publicly reported the flaw. The US Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) has also released a warning regarding the flaw.
Read More: Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw