The Jenkins project reported that it was attacked through the recently discovered CVE-2021-26084 vulnerability in the Atlassian Confluence service. The U.S. Cybersecurity and Infrastructure Security Agency issued alerts warning users of ongoing mass exploitation of the vulnerability. The vulnerability allows an authenticated user, and in some instances even an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The number of exposed and vulnerable Confluence servers dropped further to 8,597, as of Sunday.”]
Source: https://www.cuinfosecurity.com/8000-confluence-servers-still-vulnerable-to-atlassian-flaw-a-17487