Critical vulnerability in Atlassian Confluence

Atlassian published a security advisory for the vulnerability CVE-2022-26134, which is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center.

Vulnerability: CVE-2022-26134

Severity: Critical

On June 2, 2022, Atlassian, developer of tools such as Jira and Trello, published a security advisory for the vulnerability CVE-2022-26134. This is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center. The vulnerability is rated as critical and can be easily exploited.

Which versions are affected?

All versions of Confluence Server and Data Center prior to the fixed versions listed below are affected by this vulnerability.

Patches

Atlassian recommends upgrading to the latest long-term support version. For a detailed description of the latest version, please view the Confluence Server and Data Center release notes.

The following versions contain the patch for the vulnerability:

7.4.17
7.13.7
7.14.3
7.15.2
7.16.4
7.17.4
7.18.1

You can download the latest version from the Download Center.

Vulnerability detection

After announcement of the new vulnerability, our go.lywand.com platform was updated.

The vulnerability can be identified in the course of lywand's security audits.

More info

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/

Bernhard Schildendorfer

June 3, 2022

Category

Guide

Might be also Interesting

Guide

Patch management under control? The reality often shows something different.

How a security audit uncovered unexpected weaknesses in patch management - and was the start of a sustainable security strategy.

April 29, 2025

Guide

Asset Discovery Uncovers Shadow IT: A Must-Have for MSPs

In this article, you will learn how shadow IT can become an invisible but significant security risk for companies. Find out how Asset Discovery helps IT service providers to uncover hidden devices and applications on the network. We also present proven measures for controlling shadow IT and improving network security.

November 6, 2024

Guide

Traditional Vulnerability Scanner vs. Security Audit Platform

Find out how lywand's security audit platform differs from traditional vulnerability scanners and which solution is best suited to your MSP business.

October 7, 2024

Purpose	So that the user's cookie preferences can be taken into account, these are stored in the cookies.
Data	Accepted or rejected cookie categories
Originator	Lywand Software GmbH
Privacy Policy	lywand.com/datenschutzerklaerung

Purpose	This web analytics tool allows us to compile user statistics about your website activity and to best tailor our website to your interests.
Data	anonymized IP address, pseudonymized user identification, date and time of the request, amount of data transferred incl. message as to whether the request was successful, browser used, operating system used, website from which access was made.
Originator	Google Ireland Limited
Privacy Policy	https://policies.google.com/privacy

Purpose	Representation of the company's location using Google's map service.
Data	Date and time of visit, location information, IP address, URL, usage data, search terms, geographic location.
Originator	Google Ireland Limited
Privacy Policy	https://policies.google.com/privacy

Purpose	Convenient appointment scheduling via Calendly directly on the website.
Data	Appointment information, calendar information, information from third-party software providers, payment information, chatbot data, marketing information, log & device data, cookie data, usage data
Originator	Calendly LLC
Privacy Policy	calendly.com/privacy

Purpose	This data processing is performed by YouTube to ensure the functionality of the player.
Data	Device information, IP address, referrer URL, viewed videos
Originator	Google Ireland Limited
Privacy Policy	https://policies.google.com/privacy

Cookie Settings

Patches

Vulnerability detection

More info

Might be also Interesting

Patch management under control? The reality often shows something different.

Asset Discovery Uncovers Shadow IT: A Must-Have for MSPs

Traditional Vulnerability Scanner vs. Security Audit Platform