Atlassian Releases Patches for Zero-Day Confluence RCE Flaw
Atlassian has released new security updates to fix a critical flaw affecting its Confluence Server and Data Center products. The vulnerability, tracked as CVE-2022-26134, allows for unauthenticated remote code execution on unpatched servers.
The zero-day security flaw was disclosed by security company Volexity last week, and it impacts all supported versions (except those hosted on Atlassian Cloud) of the products. The researchers found that malicious actors are currently exploiting the vulnerability to install the Chopper webshell and other malware. This prompted the Cybersecurity & Infrastructure Security Agency (CISA) to encourage federal agencies to block all internet access to Confluence servers on their networks.
“The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. All versions of Confluence Server and Data Center prior to the fixed versions listed above are affected by this vulnerability,” Atlassian noted in its security advisory.
Security researchers also published a proof of concept (PoC) for the critical CVE-2022-26134 vulnerability on June 3. The proof of concept code demonstrates the process of creating new admin accounts, pushing DNS requests, collecting sensitive data, as well as generating reverse shells.
Additionally, the CEO of cybersecurity company GreyNoise revealed on Twitter that 727 unique IP addresses have already attempted to breach into Internet-exposed and unpatched Confluence servers.
Atlassian recommends customers to patch Confluence servers
Atlassian has rolled out security patches to address the flaw in versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1. The company has advised all enterprise customers to upgrade to the latest version of Confluence. Meanwhile, IT administrators who cannot apply the patches immediately should update some JAR files on their Confluence servers.
It is important to note that this isn’t the first time a security exploit has been identified in Atlassian’s Confluence server. Last year, US Cybercom issued an alert about the mass exploitation of a high severity remote code execution vulnerability found in Confluence Server and Data Center.
More in Security
How to Enable Windows 11 Config Lock on Secured-Core PCs
Dec 2, 2022 | Dean Ellerby
Microsoft Defender Vulnerability Management Now Supports Firmware Assessments
Nov 29, 2022 | Rabia Noureen
Microsoft Entra Workload Identities Service is Now Generally Available
Nov 29, 2022 | Rabia Noureen
Microsoft Authenticator to Enable Number Matching Security Feature by Default in February 2023
Nov 21, 2022 | Rabia Noureen
Microsoft Defender for Endpoint Adds Network Protection on iOS and Android
Nov 11, 2022 | Rabia Noureen
What is a Software-Defined Perimeter?￼
Nov 11, 2022 | Sukesh Mudrakola
Most popular on petri