On June 2, 2022, Atlassian announced that a critical remote code execution (RCE) vulnerability was found in their Confluence Server and Confluence Data Center products.
According to Atlassian, over 75,000 customers use Confluence to host some form of documentation. Confluence is used by many companies to host sensitive information, including production secrets, sensitive company infrastructure, ways to set up development environments, and more.
On June 3, Atlassian released updated Long Term Support versions of both products that contained a fix for the vulnerability.
If you are a Confluence user, refer to the Confluence Server and Data Center Vulnerability Resource Center for details on how you can identify potentially vulnerable third parties in your portfolio.