On June 2nd, 2022, Workiva received a Confluence Security Advisory for a critical severity unauthenticated remote code execution vulnerability in the Confluence Server and Data Center (CVE-2022-26134) that was actively being exploited in the wild.
Following the notification, Workiva quickly followed the recommended remediation and restricted access to Confluence from the internet. Workiva then conducted an investigation to determine whether our servers had been targeted. To date, our investigation into this vulnerability has found no evidence of unauthorized access or other impact to the Workiva platform or our customers' data.
A patched version of the Confluence Server and Data Center was released on June 3, 2022, and Workiva deployed this out to our environment thereby restoring internal Confluence service.
We will continue to monitor the situation and work with our vendors and partners to ensure that there is no upstream impact.
For more information, please see the Confluence Security Advisory: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html