Unpatched Atlassian Confluence vulnerability is actively exploited

Researchers discovered a vulnerability in Atlassian Confluence during an incident response investigation. Atlassian rates its severity as critical.

Atlassian has issued a security advisory and is working on a fix for the affected products. Because the flaw was being exploited in the wild before any patch existed, it qualifies as an actively exploited zero-day vulnerability.

Confluence

Atlassian Confluence is a wiki-style team collaboration platform. It connects teams with their content, knowledge and co-workers so that everything relevant to a project is in one place, and teams use it to work together on projects and to share knowledge.

Atlassian Confluence vulnerability

The description of CVE-2022-26134 says it is a critical unauthenticated remote code execution vulnerability (an OGNL injection) in Confluence Server and Confluence Data Center.

During the investigation, the researchers found JSP web shells written to disk. JSP (Jakarta Server Pages, formerly JavaServer Pages) is a server-side technology for generating web pages dynamically from HTML, XML, SOAP or other document types. It is comparable to PHP and ASP but uses the Java programming language.

It became clear that the server compromise stemmed from an attacker launching an exploit to achieve remote code execution. The researchers were able to recreate that exploit and identify a zero-day vulnerability impacting fully up-to-date versions of Confluence Server.
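The web shells in the investigation above were found on disk, which is where a responder looks first. The following is an added example, not code from the original article or from Atlassian: a small hunt script that walks a Confluence install directory, reads every .jsp/.jspx file and flags those matching more than one pattern typical of JSP web shells (handing request parameters to a process, reflection tricks). The pattern list and the sample directory tree are constructed for illustration and should be tuned to your environment.

```python
import os
import re
import tempfile
from typing import List

# Hypothetical pattern list: constructs that legitimate Confluence JSPs
# rarely combine, but one-line web shells almost always do.
SUSPICIOUS = [
    re.compile(r"Runtime\s*\.\s*getRuntime\s*\(\s*\)\s*\.\s*exec"),
    re.compile(r"new\s+ProcessBuilder"),
    re.compile(r"request\.getParameter\s*\("),
    re.compile(r"Class\.forName\s*\("),
]


def score_jsp(text: str) -> int:
    """Count how many distinct suspicious patterns appear in a JSP source."""
    return sum(1 for pattern in SUSPICIOUS if pattern.search(text))


def hunt_jsp_webshells(root: str, min_score: int = 2, since: float = 0.0) -> List[str]:
    """Return sorted paths of JSP files under `root` that score at least
    `min_score` and were modified at or after the `since` epoch timestamp.
    Requiring two patterns keeps a lone request.getParameter() from
    flagging every ordinary form-handling page."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith((".jsp", ".jspx")):
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getmtime(path) < since:
                    continue
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip, do not crash the hunt
            if score_jsp(text) >= min_score:
                hits.append(path)
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed sample install: one benign page and one web-shell-like page.
    This is test data, not a real Confluence layout."""
    root = tempfile.mkdtemp(prefix="confluence-sample-")
    pages = os.path.join(root, "confluence", "pages")
    os.makedirs(pages)
    with open(os.path.join(pages, "welcome.jsp"), "w", encoding="utf-8") as fh:
        fh.write('<%@ page contentType="text/html" %>\n<html><body>Welcome</body></html>\n')
    with open(os.path.join(root, "confluence", "shell.jsp"), "w", encoding="utf-8") as fh:
        # Classic one-line web shell shape: request parameter straight into exec().
        fh.write('<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>\n')
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for hit in hunt_jsp_webshells(sample_root):
        print("suspicious JSP:", hit)
```

Run it against the real install root (for example the Confluence installation and home directories) with `since` set to the earliest time the server could have been exposed, and review every hit by hand; a score threshold is a triage aid, not a verdict.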

After the researchers contacted Atlassian, Atlassian confirmed the vulnerability, assigned it CVE-2022-26134 and confirmed that it works against current versions of Confluence Server and Data Center.

Mitigation

There are currently no fixed versions of Confluence Server and Data Center available. In the interim, users should work with their security team to decide on the best course of action. Options to consider include:

  • Restricting access to Confluence Server and Data Center instances from the internet.
  • Disabling Confluence Server and Data Center instances.
  • If you are unable to take the above actions, implementing a WAF (Web Application Firewall) rule that blocks URLs containing ${ may reduce, but not eliminate, your risk.

Note: in this context ${ is not a shell parameter substitution. It is the opening of an OGNL expression, which the exploit places in the request URI so that Confluence evaluates it. A WAF rule should therefore match the percent-encoded form (%24%7B) as well as the literal characters, since attackers routinely encode the payload.
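The WAF suggestion above is only as good as its matching. The following is an added example, not code from the original article or an Atlassian rule: a detection check that percent-decodes the request target once (as the application server does) before looking for the ${ marker, run over a few constructed access-log lines. The third sample line encodes the marker as %24%7B, which a rule matching only the literal characters would miss. The log lines, addresses and timestamps are invented for the example.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jun/2022:10:12:01 +0000] "GET /login.action HTTP/1.1" 200 5120
10.0.0.7 - - [03/Jun/2022:10:12:04 +0000] "GET /${@java.lang.Runtime@getRuntime()}/ HTTP/1.1" 302 0
10.0.0.9 - - [03/Jun/2022:10:12:09 +0000] "GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29%7D/ HTTP/1.1" 302 0
10.0.0.12 - - [03/Jun/2022:10:14:00 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 8000
"""

# Pull method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

OGNL_MARKER = "${"


def normalise_target(target: str) -> str:
    """Percent-decode the request target once, mirroring what the servlet
    container does before Confluence sees the path. Decoding exactly once
    means a double-encoded %2524%257B stays literal, as it would server-side."""
    return unquote(target)


def is_ognl_marker(target: str) -> bool:
    """True if the decoded request target contains the OGNL expression opener."""
    return OGNL_MARKER in normalise_target(target)


def flag_requests(log_text: str) -> List[Tuple[str, str]]:
    """Return (client_ip, raw_target) for every log line whose request
    target carries the marker, literal or percent-encoded."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        if is_ognl_marker(target):
            hits.append((line.split()[0], target))
    return hits


if __name__ == "__main__":
    for client, target in flag_requests(SAMPLE_LOG):
        print(f"{client} -> {target}")
```

The same normalise-then-match logic is what the WAF rule needs; most engines have a transformation option (URL decode) that must be enabled for the rule to catch the encoded form. Treat hits as leads for the disk hunt described earlier in the article, since a 302 response to such a request does not by itself prove the payload ran.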


Affected versions for Atlassian Confluence

All supported versions of Confluence Server and Data Center are affected. According to Atlassian it is likely that all versions of Confluence Server and Data Center are affected, but the company is still investigating and has yet to confirm the earliest affected version.

By | 2022-06-17T13:46:48+05:30 June 6th, 2022|Exploitation, Security Advisory, Security Update, Tips, vulnerability|

About the Author:

FirstHackersNews- Identifies Security
