Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
2022-06-07 11:21

Threat actors are using public exploits to pummel a critical zero-day remote code execution flaw that affects all versions of a popular collaboration tool used in cloud and hybrid server environments and allows for complete host takeover.

Researchers from Volexity uncovered the flaw in Atlassian Confluence Server and Data Center software over the Memorial Day weekend after they detected suspicious activity on two internet-facing web servers belonging to a customer running the software, they said in a blog post published last week.

The researchers tracked the activity to a public exploit for the vulnerability, CVE-2022-26134, that's been spreading rapidly, and subsequently reported the flaw to Atlassian.

Atlassian released a security advisory the same day that Volexity went public with the flaw, warning customers that all supported versions of Confluence Server and Data Center after version 1.3.0 were affected and that no updates were available.

The public exploits recently released allow attackers to use the flaw to enable arbitrary command execution and take over the host against a number of Confluence versions, including the latest unpatched version, 7.18.0, according to tests that Horizon3.

Sunkavalley pointed out that the most obvious impact of the vulnerability is that attackers can easily compromise public-facing Confluence instances to gain a foothold into internal networks, and then proceed from there to unleash even further damage.


News URL

https://threatpost.com/public-exploits-atlassian-confluence-flaw/179887/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-06-03 | CVE-2022-26134 | Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server | critical 9.8

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
network, low complexity, atlassian, CWE-917

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412