CVE-2022-26134 is a new critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center. Atlassian has already confirmed that all supported versions of Confluence Server and Data Center are affected.
However, the earliest affected version still needs to be confirmed separately. There are reports that the vulnerability is being exploited in the wild; in particular, Confluence Server 7.18.0 appears to have been exploited. The company is actively working on a patch to be released as soon as possible. Currently, there are no mitigations that fix the vulnerability.
What Is Atlassian Confluence?
Atlassian Confluence is a collaboration platform written primarily in Java and running on a bundled Apache Tomcat application server. The platform helps users create content using spaces, pages, and blogs that other users can comment on and edit.
What Can Customers Do to Minimize the Risk of CVE-2022-26134?
Atlassian says that customers “should work with their security team to consider the best course of action.” Available options include restricting access to Confluence Server and Data Center from the internet, or disabling them altogether. If neither of these options is applicable, you can implement a WAF (Web Application Firewall) rule to block URLs containing ${.
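As an added illustration of the WAF-rule idea (example code written for this article, not Atlassian's guidance or any vendor's rule syntax), the following Python checker applies the same ${ test to constructed Tomcat-style access-log lines. It URL-decodes the request target repeatedly, because a filter that only inspects the raw URL misses percent-encoded or double-encoded forms. The log lines and IP addresses are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in common Tomcat/Confluence format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [03/Jun/2022:10:01:12 +0000] "GET /login.action HTTP/1.1" 200 4821
203.0.113.11 - - [03/Jun/2022:10:01:13 +0000] "GET /%24%7Bplaceholder%7D/ HTTP/1.1" 302 0
203.0.113.12 - - [03/Jun/2022:10:01:14 +0000] "GET /%2524%257Bplaceholder%257D/ HTTP/1.1" 302 0
203.0.113.13 - - [03/Jun/2022:10:01:15 +0000] "GET /display/DOCS/Home?x=${ HTTP/1.1" 200 910
"""

# Extract client IP, method, request target and status from one log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=3):
    """URL-decode until the value stops changing (bounded), so that
    %24%7B and double-encoded %2524%257B both surface as '${'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def contains_marker(target):
    """True if the decoded request target contains the '${' sequence
    that the article's suggested WAF rule blocks."""
    return "${" in fully_decode(target)


def flag_requests(log_text):
    """Return (ip, method, raw_target, status) for every line whose
    request target contains '${' after decoding."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and contains_marker(m["target"]):
            hits.append((m["ip"], m["method"], m["target"], m["status"]))
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print("flagged:", hit)
```

The same decode-then-match logic is what a WAF rule needs; a rule matching only the literal string ${ on the raw URL lets the encoded variants through.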
Previously disclosed, critical Atlassian flaws include CVE-2021-26084 and CVE-2020-36239.