Description
Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
All versions of Confluence Server and Data Center prior to the fixed versions listed under Remediation below are affected by this vulnerability.
Remediation
Upgrade to the latest version of Confluence.
Released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 contain a fix for this issue.
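The remediation above is a per-branch rule: an instance is fixed only if it runs at least the fixed release of its own 7.x branch, or anything newer than 7.18.1; branches without a fixed release (for example 7.5 through 7.12) are affected at every patch level. The following added example, which is not part of the advisory or of any Atlassian tooling, encodes that rule as a version check a defender can run over an inventory. The fixed versions come from the advisory text; the inventory entries and hostnames are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Fixed releases named in the advisory, one per affected release branch.
FIXED_VERSIONS: List[str] = ["7.4.17", "7.13.7", "7.14.3", "7.15.2",
                             "7.16.4", "7.17.4", "7.18.1"]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'major.minor.patch' (a trailing suffix such as '-rc1' is ignored)
    into a comparable tuple, padding missing components with 0."""
    parts = re.findall(r"\d+", version)[:3]
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_vulnerable(version: str) -> bool:
    """True when the advisory classifies this Confluence version as affected:
    older than the newest fixed release and not at or above the fixed release
    of its own major.minor branch."""
    v = parse_version(version)
    fixes = [parse_version(f) for f in FIXED_VERSIONS]
    if v >= max(fixes):            # 7.18.1 and anything newer carry the fix
        return False
    for fix in fixes:
        if v[:2] == fix[:2] and v >= fix:   # same branch, at or past its fix
            return False
    return True                    # older branch, or below the branch fix


def recommended_upgrade(version: str) -> str:
    """Smallest fixed release that resolves the issue for this instance:
    the fix in the same branch if one exists, otherwise the newest fixed release."""
    v = parse_version(version)
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed)[:2] == v[:2]:
            return fixed
    return FIXED_VERSIONS[-1]


def assess_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'fixed' or 'vulnerable -> <upgrade target>'."""
    report = {}
    for host, version in inventory.items():
        if is_vulnerable(version):
            report[host] = f"vulnerable -> upgrade to {recommended_upgrade(version)}"
        else:
            report[host] = "fixed"
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: Dict[str, str] = {
    "wiki-prod.example.internal": "7.13.6",
    "wiki-dev.example.internal": "7.12.5",
    "wiki-new.example.internal": "7.18.1",
    "wiki-old.example.internal": "6.15.10",
}

if __name__ == "__main__":
    for host, verdict in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:30} {verdict}")
```

The branch-aware comparison is the part that is easy to get wrong: a naive "version >= 7.18.1" test would wrongly flag a patched 7.13.7 instance, while a naive "version >= 7.4.17" test would wrongly clear every 7.5 to 7.12 instance.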
References
Confluence Security Advisory 2022-06-02
Cloudflare observations of Confluence zero day (CVE-2022-26134)
Related Vulnerabilities
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
Drupal Core 9.3.x Remote Code Execution (9.3.0 - 9.3.18)
Server-side JavaScript injection
Apache Log4j2 JNDI Remote Code Execution (delayed)
WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5)