CVE-2022-26134: Atlassian Confluence remote code execution vulnerability

On June 2, 2022, Atlassian officially issued a risk notice for Confluence Server and Data Center. The vulnerability number is CVE-2022-26134, and the vulnerability level is critical. The flaw was reported by the cybersecurity firm Volexity.

Confluence Data Center is a self-managed solution that provides you with the additional configuration options you need to meet the collaboration needs of the most demanding teams.

Confluence Server & Data Center are vulnerable to unauthenticated remote code execution vulnerability that is under active exploitation.

“Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix,” it said in an advisory.

Atlassian says that they confirmed the CVE-2022-26134 in Confluence Server 7.18.0 which is known to have been exploited in the wild and although Confluence Server and Data Center versions 7.4.0 and later are potentially vulnerable. Cybersecurity firm Volexity has published a blog post detailing how they originally found this vulnerability, prior to reporting it to Atlassian. The Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

At the time of writing, there are currently no fixed versions of Confluence Server and Data Center available. There are no other ways to mitigate this vulnerability. Atlassian is telling customers to make their servers inaccessible by one of these two methods:

• Restricting Confluence Server and Data Center instances from the internet.
• Disabling Confluence Server and Data Center instances.