Security News

Exploit released for Atlassian Confluence RCE bug, patch now
2022-06-05 16:41

Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend. The vulnerability tracked as CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability exploited through OGNL injection and impacts all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.

Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild
2022-06-04 01:57

Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 - another security flaw the Australian software company patched in August 2021.

Atlassian announces 0-day hole in Confluence Server – update now!
2022-06-03 18:59

There's no alert about the bug visible on the company's main web page, which features the company's best-known tools JIRA and Trello, but you'll find Confluence Security Advisory 2022-06-02 on the Confluence sub-site. Webshells are a nasty way of opening up a backdoor into a network using an attack that sometimes requires attackers to do little more than write one tiny file into part of a web server where content is stored.

Atlassian fixes Confluence zero-day widely exploited in attacks
2022-06-03 17:47

Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. The zero-day affects all supported versions of Confluence Server and Data Center and allows unauthenticated attackers to gain remote code execution on unpatched servers.

Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)
2022-06-03 10:13

A critical zero-day vulnerability in Atlassian Confluence Data Center and Server is under active exploitation, the software maker has warned on Thursday. There is currently no fix available - though they are expected to be released today - and users of the popular enterprise collaboration solution are advised to either temporarily restrict access to Confluence Server and Data Center instances from the internet, or to disable them completely.

Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability
2022-06-03 02:27

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. "Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server," it said in an advisory.

Critical Atlassian Confluence zero-day actively used in attacks
2022-06-03 01:41

Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. Today, Atlassian released a security advisory disclosing that CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability tracked in both Confluence Server and Data Center.

Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence
2022-06-03 00:28

Atlassian has warned users of its Confluence collaboration tool that they should either restrict internet access to the software, or disable it, in light of a critical-rated unauthenticated remote-code-execution flaw in the product that is actively under attack. The flaw is present in version 7.18 of Confluence Server, which is under attack, as well as potentially versions 7.4 and higher of Confluence Server and Confluence Data Center.

Atlassian doubles the number of orgs affected by two week outage
2022-04-30 13:16

As the company's Chief Technology Officer Sri Viswanath revealed on April 14th, nine days after the incident started, a maintenance script accidentally wiped hundreds of customer sites due to communication issues between two Atlassian teams working on deactivating a legacy app. The 14-day-long outage impacted a very small set of Atlassian customers between April 5th and April 18th. The first set of impacted sites was restored by April 8th and the rest of the affected customer sites by April 18th. During the incident, the following Atlassian products were unavailable for impacted customers: the entire Jira family of products, Confluence, Atlassian Access, Opsgenie, and Statuspage.

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
2022-04-22 22:52

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph.