
Confluence Server Vulnerability, June 2, 2022 [Resolved]

Update, June 3, 2:20 p.m. Confluence Server has been updated and patched; the service is back online. If you still experience issues, please contact us at (310) 267-HELP (4357) or help@it.ucla.edu.

Update, June 3, 9:44 a.m. Atlassian expects to release a software update at EOD (end-of-day) to patch the vulnerability. Confluence Server (Spaces) will remain down until the update can be installed and the service brought back online. 

Update, 5:26 p.m. We’re completely shutting down Confluence Server as a further precaution.

___

We are aware of a security issue currently affecting all spaces within our Confluence Server instance. Atlassian has been made aware of active exploitation of a critical-severity, unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Further details about the vulnerability are being withheld until a fix is available. Atlassian is actively working on a patch for impacted versions and will update the advisory with estimates for completion.

To reduce risk, IT Services has shut down the Confluence Server instance at spaces.ais.ucla.edu. Users will see a 403 Forbidden error as a result.

We’ll send out another update when we have more information from Atlassian. Thanks for your patience.

If you’re one of the affected users, or would like more details, please contact us at (310) 267-HELP (4357) or help@it.ucla.edu.


Related Information:

Confluence Security Advisory 2022-06-02 | Confluence Data Center and Server 7.18 | Atlassian Documentation
