System resiliency for Atlassian customers has come under the spotlight this week after a spate of Confluence infections due to CVE-2023-22518. Administrators around the world are scrambling to patch their sites to avoid infection, whilst some sites are working on fixes to either disinfect their site or restore from backups.
At a strategic level, this brings to light the question of Jira Server end of life and if you have not yet decided to move to the cloud - what are you going to do to mitigate this?
What is a CVE..
CVE stands for Common Vulnerabilities and Exposures. It is a standard for identifying, defining, and cataloging publicly disclosed vulnerabilities and exposures. CVE Records provide a concise and standardized description of vulnerabilities, which helps to improve communication and coordination among information technology and cybersecurity professionals.
The CVE Program is managed by the MITRE Corporation, a non-profit organization that operates federally funded research and development centers.
CVE Records include information such as the CVE ID, a description of the vulnerability, the affected software or hardware, the severity of the vulnerability, and any known exploits or workarounds. CVE Records are also linked to other relevant information, such as security advisories and patches.
How to protect yourself
Tactical
-
Check if your systems have already been impacted - reference the identifiers of compromise in this blog article from Red Canary
-
To protect yourself, review the advisory provided by Atlassian and follow the steps provided in it to patch up your systems.
Strategic
Given the upcoming end of support for Atlassian’s server products (Jira & Confluence) on Feb 15th 2024 you have the following choices to make:
-
Migrate to Data Center Software
This will enable you to continue getting support from Atlassian for any future vulnerabilities that get discovered
-
Migrate to the cloud
Moving to the cloud can reduce your risk associated with software and hardware vulnerabilities, but it does not eliminate the need to protect your data. Data-specific vulnerabilities, such as accidental or malicious deletion by users among other opportunities to corrupt or delete data, can still affect your operations. Have a clear strategy in place as to how you can protect your data in the cloud.
How Can Revyz Help
Protecting your data in Atlassian cloud has become essential, but it can also be complex. With few native options from Atlassian, you have three choices:
-
Build custom scripts and manage backup data on your own
-
Use a third-party SaaS application like what Revyz has offer to offload data protection from your core IT team. The Revyz apps can store data securely & remotely, making it available for various recovery scenarios without having you to rollback the entire site.
Data Protection solution from Revyz
-
Confluence: Coming soon
Try the Revyz Data Manager for Jira app for free from the Atlassian marketplace or learn more about is capabilities here.
