Atlassian recently divulged a zero-day vulnerability in its Confluence Server application, which is now actively being targeted, even by sophisticated nation-state threat actors. What makes this vulnerability stand out is its simplicity: with just three HTTP requests, an unauthorized attacker can effortlessly craft a new administrator account on any exposed Confluence Server.
Article Link: Atlassian Confluence Server Zero-Day Vulnerability Analysis/Mitigation