Critical vulnerability in Atlassian Confluence

Atlassian published a security advisory for the vulnerability CVE-2022-26134, which is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center.

Vulnerability: CVE-2022-26134

Severity: Critical

On June 2, 2022, Atlassian, developer of tools such as Jira and Trello, published a security advisory for the vulnerability CVE-2022-26134. This is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center. The vulnerability is rated as critical and can be easily exploited.

Which versions are affected?

All versions of Confluence Server and Data Center prior to the fixed versions listed below are affected by this vulnerability.

Patches

Atlassian recommends upgrading to the latest long-term support version. For a detailed description of the latest version, please view the Confluence Server and Data Center release notes.

The following versions contain the patch for the vulnerability:

  • 7.4.17

  • 7.13.7

  • 7.14.3

  • 7.15.2

  • 7.16.4

  • 7.17.4

  • 7.18.1

You can download the latest version from the Download Center.

Vulnerability detection

After announcement of the new vulnerability, our go.lywand.com platform was updated.

The vulnerability can be identified in the course of lywand's security audits.

More info

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/

Bernhard Schildendorfer

June 3, 2022

Category

Guide

Might be also Interesting

Guide

Asset Discovery Uncovers Shadow IT: A Must-Have for MSPs

In this article, you will learn how shadow IT can become an invisible but significant security risk for companies. Find out how Asset Discovery helps IT service providers to uncover hidden devices and applications on the network. We also present proven measures for controlling shadow IT and improving network security.

November 6, 2024

Guide

Traditional Vulnerability Scanner vs. Security Audit Platform

Find out how lywand's security audit platform differs from traditional vulnerability scanners and which solution is best suited to your MSP business.

October 7, 2024

Guide

IT Security Through System Hardening: What You Need to Know as an MSP

System hardening is an essential process for protecting your customers' IT infrastructure. But what exactly is system hardening and why is it so important?

September 2, 2024