Atlassian: Unpatched critical flaw under attack right now to hijack Confluence – and it’s been there since 2013

The Register – Security

CISA’s suggested action is to take the thing offline until it can be fixed, Atlassian has added a possible defence

Updated  Atlassian has warned users of its Confluence collaboration tool that they should either restrict internet access to the software, or disable it, in light of a critical-rated unauthenticated remote-code-execution flaw in the product that is actively under attack.…