» Published on
Last Update solve critical vulnerability
» UpdatedWe updated to the fixed version 7.13.7 on Saturday, June the 4th, at 11:15 CEST. -> MSI Confluence is not affected any more. MSI Platform Services
» UpdatedAtlassian, notified us this morning of a critical vulnerability in the CONFLUENCE Data Center tool (CVE-2022-26134).
At 10:08 a.m. CEST, we implemented the WAF (Web Application Firewall) rule currently recommended by Atlassian in MSI Confluence and checked its functionality. The rule blocks all access to the MSI Confluence URL containing the string "${" and redirects them to a web page with the text "403 Forbidden".
We also monitor and review MSI Confluence for suspicious activity.
Atlassian states that they will provide a solution by June 3rd, 2022 EoB (PDT), although it is unclear whether this solution will be applicable to all versions of Confluence. Since any update must first be tested before we can implement it, we will shut down MSI Confluence starting today, 06/03/2022, 17:00 (CEST) and will go online again on Tuesday, 07.06.2022 until 12:00 (CEST) with the fixed version, assuming that the update is available as promised.
We are sorry about the inconveniences and ask for your understanding. MSI Platform Services
» Updated