Critical vulnerability in Atlassian Confluence

Vulnerability: CVE-2022-26134

Severity: Critical

On June 2, 2022, Atlassian, developer of tools such as Jira and Trello, published a security advisory for CVE-2022-26134, an unauthenticated remote code execution vulnerability in Confluence Server and Data Center. The vulnerability is rated critical and is easy to exploit.

Which versions are affected?

All versions of Confluence Server and Data Center prior to the fixed versions listed below are affected by this vulnerability.

Patches

Atlassian recommends upgrading to the latest long-term support version. For a detailed description of the latest version, please view the Confluence Server and Data Center release notes.

The following versions contain the patch for the vulnerability:

  • 7.4.17
  • 7.13.7
  • 7.14.3
  • 7.15.2
  • 7.16.4
  • 7.17.4
  • 7.18.1

You can download the latest version from the Download Center.
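
To check an inventory of Confluence installations against the list above, the following added example (not code from Atlassian or lywand) classifies each installed version and names the lowest listed fixed release above it. It assumes that release lines without a listed fix are affected and that releases newer than 7.18.1 include the fix; the host names and versions in the sample are constructed.

```python
import re

# Fixed releases copied from the list above.
FIXED = [(7, 4, 17), (7, 13, 7), (7, 14, 3), (7, 15, 2),
         (7, 16, 4), (7, 17, 4), (7, 18, 1)]
FIX_BY_LINE = {(major, minor): patch for major, minor, patch in FIXED}

def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a tuple; anything else raises ValueError."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)

def check(version):
    """Return (status, lowest listed fixed release above the installed one)."""
    v = parse_version(version)
    fix = FIX_BY_LINE.get(v[:2])
    if fix is not None and v[2] >= fix:
        return "patched", None
    if fix is None and v > max(FIXED):
        # Assumption: releases newer than every listed fix include it.
        return "patched", None
    # Same-line fix if the line has one, otherwise the next listed release up.
    target = min(f for f in FIXED if f > v)
    return "affected", ".".join(map(str, target))

def triage(inventory):
    """Map each host to its check() result; unparseable versions are flagged."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = check(version)
        except ValueError:
            report[host] = ("unknown", None)  # needs a manual look
    return report

# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "wiki-a.example.internal": "7.13.6",
    "wiki-b.example.internal": "7.5.2",
    "wiki-c.example.internal": "7.18.1",
    "wiki-d.example.internal": "n/a",
}

if __name__ == "__main__":
    for host, (state, target) in triage(SAMPLE).items():
        print(f"{host:26} {state:9} {target or '-'}")
```

The suggested target is only the smallest listed release that closes the gap; the advisory's recommendation to move to the latest long-term support version still applies.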

Vulnerability detection

After the announcement of the new vulnerability, our go.lywand.com platform was updated.

The vulnerability can now be identified in the course of lywand's security audits.

More info

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/

Bernhard Schildendorfer

June 3, 2022

Category

Security vulnerability
