CVE-2022-26134 - Expression Language (OGNL) Injection vulnerability in Atlassian Confluence Server and Data Center
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
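The version ranges above are the first thing an operator has to check, and the classic mistake is comparing them as strings ("7.4.17" sorts above "7.13.0", so a 7.13.x build can be misclassified as fixed). The following is an added example for this page, not Atlassian's code: it transcribes the ranges from the summary, compares versions as integer tuples, and reads the running version from the `ajs-version-number` meta tag that Confluence emits in its pages. The version strings and the sample login page are constructed inputs. Release lines that fall between the listed ranges (7.5 through 7.12) have no fixed release in the summary, so the check reports them separately instead of calling them safe.

```python
"""Is this Confluence Server / Data Center version affected by CVE-2022-26134?

Added example for this page, not Atlassian's code. AFFECTED_RANGES is
transcribed from the summary; the sample HTML and probe versions below are
constructed inputs for demonstration.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# (first affected, first fixed) per release line, exactly as the summary lists them.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("1.3.0", "7.4.17"),
    ("7.13.0", "7.13.7"),
    ("7.14.0", "7.14.3"),
    ("7.15.0", "7.15.2"),
    ("7.16.0", "7.16.4"),
    ("7.17.0", "7.17.4"),
    ("7.18.0", "7.18.1"),
]


def parse_version(text: str) -> Version:
    """'7.4.17' -> (7, 4, 17). Integer tuples compare correctly; the raw
    strings do not ('7.4.17' > '7.13.0' lexicographically)."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))  # '7.18' == '7.18.0'


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def check_version(text: str) -> Dict[str, Optional[str]]:
    """Classify a version against the summary's ranges.

    status: 'affected' (inside a listed range), 'fixed' (at/after the fix of
    its own line, or newer than the newest fixed release), 'unlisted_line'
    (a line such as 7.5-7.12 with no fixed release listed), or 'not_listed'
    (older than 1.3.0, which the summary does not cover)."""
    v = parse_version(text)
    ranges = [(parse_version(lo), parse_version(hi)) for lo, hi in AFFECTED_RANGES]
    first_affected = min(lo for lo, _ in ranges)
    latest_fix = max(hi for _, hi in ranges)
    result: Dict[str, Optional[str]] = {"version": fmt(v), "status": "", "upgrade_to": None}

    for lo, hi in ranges:
        if lo <= v < hi:  # inside a listed affected range
            result.update(status="affected", upgrade_to=fmt(hi))
            return result
    if v < first_affected:
        result["status"] = "not_listed"
        return result
    # Same major.minor as a fixed release but not inside its affected range
    # means v >= that fix; anything newer than the newest fix is also fixed.
    if v >= latest_fix or any(v[:2] == hi[:2] for _, hi in ranges):
        result["status"] = "fixed"
        return result
    # Between listed ranges (e.g. 7.5.x .. 7.12.x): no fixed build in that line.
    result.update(status="unlisted_line", upgrade_to=fmt(latest_fix))
    return result


def version_from_html(html: str) -> Optional[str]:
    """Confluence pages carry the build in <meta name="ajs-version-number" content="...">."""
    m = re.search(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', html)
    return m.group(1) if m else None


# Constructed sample of the meta tag a vulnerable instance's login page would carry.
SAMPLE_LOGIN_PAGE = """<html><head>
<meta name="ajs-version-number" content="7.13.6">
</head><body>Log in to Confluence</body></html>"""


if __name__ == "__main__":
    for probe in ["7.4.9", "7.4.17", "7.12.5", "7.18", "7.18.1", "7.19.2"]:
        print(check_version(probe))
    found = version_from_html(SAMPLE_LOGIN_PAGE)
    print("sample page reports", found, "->", check_version(found))
```

Run it against the `ajs-version-number` value of your own instance's login page; the `upgrade_to` field is the first fixed release in that line, and an `unlisted_line` result means the line has no fixed build and should be moved to one of the listed fixed versions.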
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
- Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild
- Exploit released for Atlassian Confluence RCE bug, patch now
- Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
- Hackers exploit recently patched Confluence bug for cryptomining
- Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
- Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners
- Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage
References
- https://jira.atlassian.com/browse/CONFSERVER-79016
- http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
- https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html