Description

Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

All versions of Confluence Server and Data Center prior to the fixed versions listed above are affected by this vulnerability.

Remediation

Upgrade to the latest version of Confluence.
Released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 contain a fix for this issue.

References

Confluence Security Advisory 2022-06-02

Cloudflare observations of Confluence zero day (CVE-2022-26134)

Related Vulnerabilities

Spring Data REST RCE via PATCH requests

WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Remote Code Execution (5.5.15)

Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.8)

WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)

Severity

High

Classification

CVE-2022-26134 CWE-917 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Code Execution