Confluence Vulnerability

As of today, Friday, June 3, 2022, access to the Confluence Wiki service (https://confluence.desy.de) from outside is no longer possible.

The reason for this measure is a recently disclosed vulnerability in the ATLASSIAN product Confluence, the exploitation of it is to be prevented in this way. The manufacturer explicitly recommends preventing access to affected systems from the Internet. The manufacturer is working on a corresponding treatment of the vulnerability.

On this website you will find information about the possibilities to access Confluence from outside.

In case of questions, please feel free to contact the central DESY IT helpdesk (E-Mail: uco@desy.de, Tel: 5005).

SSH Connection

If you do not have VPN access or do not use a business device, you have to establish an SSH connection to be able to reach internal DESY websites. For this purpose, please follow the steps mentioned below.

Figure 1

Step 1 - Establish the SSH Connection

If you are using Windows, press ⊞ Win + R and enter the command cmd, afterwards please click 'OK' to open the Windows command line (Fig. 1).

Execute the following command using your command line (Fig. 2).:

ssh -D 2280 username@bastion.desy.de



 

Figure 2

Replace username with your personal DESY user name. Then press the Enter key ↵. Enter your password (the entry is not visible) and press the Enter key ↵ again. Please leave the window open, just minimize it if necessary.

 

Figure 3

Step 2 - Setup the Browser

Start Firefox and open the settings using the menu (☰ -> "⛭ Settings"). Scroll to the bottom. In the chapter "Network Settings" click on "Settings...". Configure the following options and click on "OK" afterwards (Fig. 3):

  • Activate the Option "Manual Proxy Configuration"
  • SOCKS Host: localhost
  • Port: 2280
  • Activate the Option SOCKS v5
  • Activate the Option "Proxy DNS when using SOCKS v5"


Now you should be able to access internal DESY web sites like https://confluence.desy.de using your local Firefox.

Note: After setting the proxy in the browser or system websites belonging to DESY will become unavailable or load significantly longer when the SSH connection is not established. Also this tunnels all your traffic through DESY.

VPN Connection

Users who have VPN access can establish a VPN connection with their DESY business device and access internal web pages this way. If required, instructions for establishing a VPN connection can be found on the following website:

https://it.desy.de/services/remote_access/vpn

Please note that obtaining VPN access is usually only permitted for DESY employees who work with a DESY business device. If you do not work with a DESY business device, please use SSH (see the above mentioned section).