Critical vulnerability in Atlassian Confluence


Vulnerability: CVE-2022-26134

Severity: Critical

On June 2, 2022, Atlassian, developer of tools such as Jira and Trello, published a security advisory for CVE-2022-26134, an unauthenticated remote code execution vulnerability in Confluence Server and Data Center. The vulnerability is rated critical and can be easily exploited.

Which versions are affected?

All versions of Confluence Server and Data Center prior to the fixed versions listed below are affected by this vulnerability.

Patches

Atlassian recommends upgrading to the latest long-term support version. For a detailed description of the latest version, please view the Confluence Server and Data Center release notes.

The following versions contain the patch for the vulnerability:

  • 7.4.17
  • 7.13.7
  • 7.14.3
  • 7.15.2
  • 7.16.4
  • 7.17.4
  • 7.18.1

You can download the latest version from the Download Center.
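
A version check built from the fixed-release list above, as an added example that is not Atlassian's or lywand's code; the function names and the sample inventory are constructed, and treating release lines newer than 7.18 as fixed is an assumption. It compares within the release line, because a plain numeric comparison would rate 7.5.0 as newer than 7.4.17 and miss it.

```python
import re

# Fixed build per release line, taken from the list of patched versions above.
FIXED = {(7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
         (7, 16): 4, (7, 17): 4, (7, 18): 1}
NEWEST_FIXED_LINE = max(FIXED)


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into three ints (a missing patch level is 0)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def assess(version):
    """Return (status, detail); status is 'patched' or 'affected'."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED:
        fixed = f"{major}.{minor}.{FIXED[line]}"
        if patch >= FIXED[line]:
            return "patched", f"at or above {fixed}"
        return "affected", f"upgrade to {fixed} or later"
    if line > NEWEST_FIXED_LINE:
        # Assumption: release lines after 7.18 already contain the fix.
        return "patched", "release line newer than 7.18"
    # No fixed build exists in this release line (for example 7.5 to 7.12,
    # or anything older than 7.4), so every build in it counts as affected.
    return "affected", "no fixed build in this line; move to a listed version"


def audit(inventory):
    """Map each host in {host: version} to the status of its version."""
    return {host: assess(version)[0] for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"wiki-01": "7.4.9", "wiki-02": "7.13.7",
              "wiki-03": "7.5.0", "wiki-04": "7.18.0"}
    for host, version in sample.items():
        status, detail = assess(version)
        print(f"{host}\t{version}\t{status}\t{detail}")
```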

Vulnerability detection

After the announcement of the new vulnerability, our go.lywand.com platform was updated.

The vulnerability can be identified in the course of lywand's security audits.

More info

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/

Bernhard Schildendorfer

June 3, 2022

Category

Security vulnerability
