Emergency: Wiki and JIRA instances are now password protected
Giovanni Tirloni
gtirloni at ocadu.ca
Fri Jun 3 10:47:36 UTC 2022
Hello,
There is a new vulnerability<https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/> currently affecting Confluence (Wiki) that allows an attacker to take over servers by submitting a specially crafted request.
Atlassian has not made available a fix for this issue yet and in order to stop attackers from automated tools, I have had to enable HTTP Basic Authentication on both the Wiki and JIRA instances.
Username: fluid
Password: fluid
I will keep monitoring the situation and remove the password protection as soon as we are able to deploy a fix for this.
Please note this is in addition to the normal Confluence/JIRA user authentication. After entering the HTTP basic authentication credentials, you'll be prompted for your personal username/password, if you're not logged in yet.
Sorry for the inconvenience. Please report any issues you may find.
Regards,
Giovanni Tirloni
DevOps Engineer
Inclusive Design Research Centre, OCAD University
https://status.inclusivedesign.ca<https://status.inclusivedesign.ca/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.idrc.ocad.ca/pipermail/fluid-work/attachments/20220603/9f921081/attachment.htm>
More information about the fluid-work
mailing list