Atlassian warns of critical security flaw

Confluence customers urged to upgrade

Fri 18 May 2012 // 06:50 UTC

Atlassian has warned of a critical security flaw in its Confluence product.

All versions of Confluence up to and including 4.1.9 are at risk, the company says, thanks to what it calls an “XML parsing vulnerability” that could lead to “denial of service attacks against the Confluence server” or allow intruders to “read all local files readable to the system user under which Confluence runs.”

Atlassian has provided fixes for all major versions of Confluence that are supported – 3.5.x, 4.0.x and 4.1.x. Hence, customers do not have to upgrade to 4.2 to fix the vulnerability.

Atlassian has posted a mitigation procedure, but warns the actions it recommends “will only limit the impact of the vulnerability … not mitigate it completely.” ®

Topics

Special Features

Vendor Voice

Resources

Security

Atlassian warns of critical security flaw

Confluence customers urged to upgrade

More about

More about

Narrower topics

More about

More about

More about

Narrower topics

TIP US OFF

Other stories you might like

In the rush to build AI apps, please, please don't leave security behind

Microsoft Copilot for Security prepares for April liftoff

US critical infrastructure cyberattack reporting rules inch closer to reality

Protecting distributed branch office environments from ransomware

FreeBSD Foundation hands out Beacon gongs for safer software

Row breaks out over true severity of two DNSSEC flaws

Truck-to-truck worm could infect – and disrupt – entire US commercial fleet

Infosec teams must be allowed to fail, argues Gartner

Majority of Americans now use ad blockers

'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw

Five Eyes tell critical infra orgs: Take these actions now to protect against China's Volt Typhoon

Malicious SSH backdoor sneaks into xz, Linux world's data compression library

About Us

Our Websites

Your Privacy