We would like to bring to your attention the recently discovered unauthenticated remote code execution vulnerability in Atlassian Confluence (CVE-2022-26134).
Description
Confluence Server and Data Center are affected by an unauthenticated remote code execution flaw that is being actively exploited in the wild by multiple threat actors. At the time of writing, no details of the vulnerable endpoint have been published.
Affected Versions
As confirmed by Atlassian, all supported versions of Confluence Server and Data Center are affected.
Note: Confluence sites hosted on Atlassian Cloud are not affected by this issue. If your site is accessed via an .atlassian.net domain, it is hosted on Atlassian Cloud.
Remediation
Currently there is no security patch available. Atlassian advises customers to remove Confluence Server and Data Center instances from the internet until a patch for this issue becomes available.
If you are unable to take the application off the internet, either by shutting the server down or by adding firewall rules, a Web Application Firewall rule that blocks request URLs containing the string ${ may reduce your risk of exploitation. Note that a rule matching only the literal characters ${ will not catch the same string in percent-encoded form (%24%7B), so the rule should be applied after URL decoding or should cover the encoded form as well.
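The same ${ indicator named in the WAF guidance above can be used to check existing web-server access logs for requests that may already have hit an exposed instance. The script below is an added example written for this advisory; it is not CovertSwarm's or Atlassian's code. The log lines are constructed samples in Apache/Nginx combined format, the flagged paths are placeholders rather than a working payload, and the only indicator used is the ${ string itself, matched both literally and after repeated percent-decoding so that %24%7B and double-encoded %2524%257B are caught too.

```python
"""Scan web-server access logs for request URLs carrying the `${` indicator.

Added example for the CVE-2022-26134 advisory; not code from Atlassian or
from the original page. Log lines below are constructed samples.
"""
import re
from urllib.parse import unquote

# Combined log format: ip - user [time] "METHOD /target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded `%2524%257B` is also caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def has_expression_marker(target: str) -> bool:
    """True if the request target contains `${`, literally or after decoding.

    The literal check mirrors the advisory's WAF rule; the decoded check is
    the caveat: a percent-encoded `${` would slip past a literal-only match.
    """
    return "${" in target or "${" in decode_fully(target)


def scan_log(lines):
    """Return (ip, time, target) for every request flagged by the indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        if has_expression_marker(m.group("target")):
            hits.append((m.group("ip"), m.group("time"), m.group("target")))
    return hits


# Constructed sample log (not real traffic). `${test}` is a placeholder
# showing only the indicator characters, not an exploit payload.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Jun/2022:10:15:01 +0000] "GET /login.action HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Jun/2022:10:15:09 +0000] "GET /${test}/ HTTP/1.1" 302 0 "-" "curl/7.79"',
    '198.51.100.7 - - [02/Jun/2022:10:15:12 +0000] "GET /%24%7Btest%7D/ HTTP/1.1" 302 0 "-" "curl/7.79"',
    '198.51.100.7 - - [02/Jun/2022:10:15:15 +0000] "GET /%2524%257Btest%257D/ HTTP/1.1" 302 0 "-" "python-requests/2.27"',
    # Benign request containing an encoded `$` but no `{`: must not be flagged.
    '10.0.0.8 - - [02/Jun/2022:10:16:00 +0000] "GET /display/SPACE/Home?q=price%20%2420 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, target in scan_log(SAMPLE_LOG):
        print(f"{when} {ip} {target}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines. A hit is an indicator worth investigating, not proof of compromise; the decoded match is deliberately broad, so review flagged requests together with the response status and the source IP's other activity.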
When will a security patch become available?
The United States Cybersecurity & Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog with a remediation deadline of June 3, 2022.
Atlassian states “We expect that security fixes for supported versions of Confluence will begin to be available for customer download within 24 hours (estimated time, by EOD June 3 PDT).”
References:
- https://bugalert.org/content/notices/2022-06-02-confluence.html
- https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
- https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
- https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html