Author: David Lindler

Comment on A Warning To Enterprises: It’s Time To Retire On-prem; Migration To Cloud And Modern AppSec Tools Critical To Future Threats, What Do You Think? by David Lindler

Thankfully, this does not affect the cloud/SaaS versions of Confluence. Unfortunately, those who are running Confluence on-premises are being instructed to remove it from the internet, shut it off, or add an overly aggressive web application firewall (WAF) rule until there is a fix, leaving them high and dry without the use of an important project collaboration tool and affecting their organization's overall productivity.
The Contrast Labs Team is closely monitoring the critical unauthenticated remote code execution vulnerability discovered in all versions of Atlassian’s on-prem Confluence Server and Data Center. Atlassian products continue to be plagued with OGNL Injections and based on the instructions for WAF rules and comments about loading malicious classes, we believe this is another case of OGNL Injection leading to an RCE. This is yet another example of why enterprises need to move away from on-prem technologies as well as invest in runtime application self-protection (RASP) technologies that can prevent these exploits all before day zero, without the need to patch anything or turn it off.
It blows my mind that so many organizations do not see RASP as a critical control layer, especially when RASP solutions provide continuous, accurate, automated and scalable protection while providing application layer threat intelligence across the entire application.
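The comment above refers to WAF rules built around OGNL injection. As an added illustration of what such a rule actually has to look for (this is example code written for this page, not code from the commenter, Contrast, or Atlassian), the script below scans web-server access-log lines for OGNL expression syntax in the request target. It assumes Common Log Format lines, percent-decodes the target repeatedly so double-encoded payloads are not missed, and treats the `${`, `%{`, `#{` delimiters and the `@Class@member` static-access form as markers. The log lines are constructed for the example, and the markers are a deliberately generic set, not the vendor's rule.

```python
"""Flag requests whose target carries OGNL expression syntax.

Added example. Assumptions: Common Log Format input, only the request
target (path + query) is inspected, and the marker set below is a generic
one chosen for illustration. Detection of this kind is a stopgap beside
patching, not a replacement for it.
"""
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+'
)

# OGNL markers: expression delimiters and static member access (@pkg.Class@member)
OGNL_RE = re.compile(
    r'(\$\{|%\{|#\{|@[A-Za-z_][\w$]*(?:\.[A-Za-z_][\w$]*)*@[A-Za-z_]\w*)'
)

# Constructed sample log lines for the example; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jun/2022:10:12:01 +0000] "GET /pages/viewpage.action?pageId=1234 HTTP/1.1" 200 5123
10.0.0.9 - - [03/Jun/2022:10:12:07 +0000] "GET /%24%7B7*7%7D/ HTTP/1.1" 302 0
10.0.0.9 - - [03/Jun/2022:10:12:09 +0000] "GET /%2524%257B%2523request%257D/ HTTP/1.1" 302 0
10.0.0.5 - - [03/Jun/2022:10:13:44 +0000] "GET /display/SPACE/Budget?title=Cost+%2410 HTTP/1.1" 200 8811
10.0.0.5 - - [03/Jun/2022:10:14:02 +0000] "GET /search?user=alice%40example.com HTTP/1.1" 200 2210
203.0.113.7 - - [03/Jun/2022:10:15:30 +0000] "GET /rest/api/content?expand=%40java.lang.Math%40max HTTP/1.1" 200 310
"""


def fully_decode(s, max_rounds=3):
    """Percent-decode until the string stops changing (bounded) to defeat
    double or triple encoding; invalid %-sequences are left untouched."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def parse_clf(line):
    """Return the fields we need from one CLF line, or None if it does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    host, ts, method, target, status = m.groups()
    return {"host": host, "time": ts, "method": method,
            "target": target, "status": int(status)}


def find_ognl(target):
    """Return the first OGNL marker found in the decoded target, else None."""
    m = OGNL_RE.search(fully_decode(target))
    return m.group(0) if m else None


def scan_log(text):
    """Yield (host, raw target, marker) for every request that trips the rule."""
    hits = []
    for line in text.splitlines():
        rec = parse_clf(line)
        if rec is None:
            continue
        marker = find_ognl(rec["target"])
        if marker:
            hits.append((rec["host"], rec["target"], marker))
    return hits


if __name__ == "__main__":
    for host, target, marker in scan_log(SAMPLE_LOG):
        print(f"{host}\t{marker}\t{target}")
```

Two of the sample lines are there to show the limits of the rule: a bare `$10` in a query string and an e-mail address with a single `@` are not flagged, because the markers require the `${` pair or two `@` signs around a class path. Whatever marker set a real WAF rule uses, it has to be checked against legitimate traffic the same way, which is why such rules tend to be either too aggressive or too easy to encode around.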