Vulnerability: CVE-2022-26134
Severity: Critical
On June 2, 2022, Atlassian, developer of tools such as Jira and Trello, published a security advisory for the vulnerability CVE-2022-26134. This is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center. The vulnerability is rated as critical and can be easily exploited.
Which versions are affected?
All versions of Confluence Server and Data Center prior to the fixed versions listed below are affected by this vulnerability.
Patches
Atlassian recommends upgrading to the latest long-term support version. For a detailed description of the latest version, please view the Confluence Server and Data Center release notes.
The following versions contain the patch for the vulnerability:
7.4.17
7.13.7
7.14.3
7.15.2
7.16.4
7.17.4
7.18.1
You can download the latest version from the Download Center.
Vulnerability detection
After announcement of the new vulnerability, our go.lywand.com platform was updated.
The vulnerability can be identified in the course of lywand's security audits.
More info
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
