Critical Vulnerability in Confluence Server and Data Center

Atlassian disclosed a critical vulnerability tracked as CVE-2022-26134 on 2nd June 2022. It is a critical-severity, unauthenticated remote code execution vulnerability in Confluence Server and Data Center.

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Many organizations have urged other organizations to upgrade Confluence Server and Confluence Data Center, as threat actors are actively scanning to exploit public-facing vulnerable assets. This results in an increased risk for many organizations.

Impact
Threat actors are exploiting the vulnerability to execute arbitrary code on the compromised host and deploy Cobalt Strike, botnets, crypto miners, and ransomware on the target system.

Remediate
Update to one of the released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 or 7.18.1, which contain a fix for this issue.
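
To triage an inventory against the affected ranges and fixed releases listed above, the following Python sketch classifies each version. It is an added example, not Atlassian's tooling. The hostnames and versions in the inventory are constructed, and the "review" status for versions outside every listed range is an assumption of this example: such versions are not treated as safe.

```python
import re

# Affected ranges [start, fixed) exactly as listed in the advisory text above.
AFFECTED = [
    ("1.3.0", "7.4.17"), ("7.13.0", "7.13.7"), ("7.14.0", "7.14.3"),
    ("7.15.0", "7.15.2"), ("7.16.0", "7.16.4"), ("7.17.0", "7.17.4"),
    ("7.18.0", "7.18.1"),
]

def parse(version):
    """Turn '7.13.5' or '7.4' into a comparable tuple; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p or 0) for p in m.groups())

RANGES = [(parse(lo), parse(hi)) for lo, hi in AFFECTED]
LATEST_FIX = RANGES[-1][1]

def triage(version):
    """Return (status, fixed_release) for one Confluence version."""
    v = parse(version)
    for lo, hi in RANGES:
        if lo <= v < hi:
            return "affected", ".".join(map(str, hi))
    # At or past the fixed release on the same major.minor line, or newer than the last fix.
    if v >= LATEST_FIX or any(v[:2] == hi[:2] and v >= hi for _, hi in RANGES):
        return "fixed", None
    # Outside every listed range (assumption of this example: do not treat as safe).
    return "review", None

# Constructed inventory for illustration (hostnames and versions are made up).
INVENTORY = {"wiki-prod": "7.13.5", "wiki-dr": "7.13.7", "wiki-legacy": "6.15.9",
             "wiki-lab": "7.9.3", "wiki-new": "7.18.1"}

def needs_action(inventory):
    """Map each host that is not confirmed fixed to its triage result."""
    out = {}
    for host, ver in inventory.items():
        status, fix = triage(ver)
        if status != "fixed":
            out[host] = (status, fix)
    return out

if __name__ == "__main__":
    for host, (status, fix) in needs_action(INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {fix}" if fix else ""))
```

Hosts reported as "review" fall between the listed ranges and should be checked against the vendor advisory in the references.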

Reference:
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/03/atlassian-releases-new-versions-confluence-server-and-data-center