back to article Atlassian warns of critical Confluence flaw

Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw. The company's not saying a lot about CVE-2021-26084, besides describing it as a "Confluence Server Webwork OGNL injection vulnerability … that would allow an authenticated user, and in some instances …

  1. amanfromMars 1 Silver badge

    Oh? Now that would be unusual?

    Cloud-hosted Confluence is not impacted by the bug.

    Don't bet any good money on that being so, unless you want to deposit it for laundering and losing to elements exercising their skillsets elsewhere. Done well, they be silent venture capitalistic style investments for New Money Maker Barons and Friends rather than Old Money Family Dynasties and Foe.

    1. TheMeerkat

      Re: Oh? Now that would be unusual?

      I would expect that they deployed the fix to the hosted version before it was announced.

      If you host your own software, you can fix it quickly as you don’t rely on other people to update.

  2. Robert Grant Silver badge

    The next flaw is the Australian government's new far-reaching powers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like