Security News > 2022 > June > Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

Threat actors are using public exploits to pummel a critical zero-day remote code execution flaw that affects all versions of a popular collaboration tool used in cloud and hybrid server environments and allows for complete host takeover.

Researchers from Volexity uncovered the flaw in Atlassian Confluence Server and Data Center software over the Memorial Day weekend after they detected suspicious activity on two internet-facing web servers belonging to a customer running the software, they said in a blog post published last week.

The researchers tracked the activity to a public exploit for the vulnerability, CVE-2022-26134, that's been spreading rapidly, and subsequently reported the flaw to Atlassian.

Atlassian released a security advisory the same day that Volexity went public with the flaw, warning customers that all supported version of Confluence Server and Data Center after version 1.3.0 were affected and that no updates were available.

The public exploits recently released that allow attackers to use the flaw to enable arbitrary command execution and take over the host against a number of Confluence versions-including the latest unpatched version, 7.18.0, according to tests that Horion3.

Sunkavalley pointed out that the most obvious impact of the vulnerability is that attackers can easily compromise public-facing Confluence instances to gain a foothold into internal networks, and then proceed from there to unleash even further damage.

News URL

https://threatpost.com/public-exploits-atlassian-confluence-flaw/179887/