How Cloudflare helped mitigate the Atlassian Confluence OGNL vulnerability before the PoC was released
On August 25, 2021, Atlassian issued a security advisory for Confluence Server and Data Center covering an Object-Graph Navigation Language (OGNL) injection vulnerability that could allow unauthenticated attackers to execute arbitrary code. A full proof of concept (PoC) was made available by a security researcher on August 31, 2021. Cloudflare reviewed the PoC and prepared a mitigation rule via an emergency release, which was deployed on September 1, 2021. The new rule automatically covered every customer whose self-hosted Confluence application sits behind the Cloudflare WAF. Additionally, the Cloudflare WAF had already been blocking a high number of potentially malicious requests to Confluence applications before the new rule was deployed. Customers must still update their self-hosted Confluence installations to ensure full protection from this critical vulnerability (CVE-2021-26084).
Company: Cloudflare
Date published: Sept. 8, 2021
Author(s): Michael Tremante
Word count: 929
Hacker News points: 6
Language: English