Quote:A just-patched, critical remote code-execution (RCE) vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned – as evidenced by an attack on the popular Jenkins open-source automation engine.
 
Atlassian Confluence is a collaboration platform where business teams can organize its work in one place: “Dynamic pages give your team a place to create, capture, and collaborate on any project or idea,” according to the website. “Spaces help your team structure, organize and share work, so every team member has visibility into institutional knowledge and access to the information they need to do their best work.”
 
In other words, it can house a treasure trove of sensitive business information as well as supply-chain information that could be used for follow-on attacks on partners, suppliers and customers.

For its part, Jenkins identified a “successful attack against our deprecated Confluence service,” it said in a statement over the weekend. Thankfully, “we have no reason to believe that any Jenkins releases, plugins or source code have been affected,” the team added.