Atlassian Warns of Critical Confluence RCE Vulnerability
Atlassian has warned of a critical security vulnerability, CVE-2022-26134, affecting Confluence Server and Data Center versions after 1.3.0. The vulnerability allows unauthenticated remote code execution and is actively being exploited.
Qualys Web Application Scanning has released QID 150523 to detect this vulnerability. It sends an HTTP GET request carrying a crafted OGNL payload to identify affected Confluence applications. The vulnerability, disclosed in June 2022, carries a CVSSv3 score of 9.8, reflecting its severity. Multiple proof-of-concept exploits are available on GitHub. Organizations are urged to upgrade to patched versions, including 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1, to remediate the issue.
CVE-2022-26134 is an unauthenticated OGNL Injection remote code execution vulnerability. Atlassian's security advisory stresses the importance of updating Confluence to mitigate this serious threat.
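A small inventory-triage helper, added here as an example and not part of the advisory or Qualys' own tooling, that flags which Confluence versions still need the upgrade based only on the fixed releases listed above. It assumes a version is affected from 1.3.0 onward, that an unlisted branch older than 7.18 must move to a fixed release, and that branches newer than 7.18 already ship the fix.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed releases named in the advisory summary, one per affected branch.
FIXED_VERSIONS = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]
FIRST_AFFECTED = "1.3.0"  # assumption: "after 1.3.0" is read as 1.3.0 and later


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '7.13.6' (or '7.13.6-rc1') into (7, 13, 6) so comparisons are numeric."""
    digits = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not digits:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(part) for part in digits.group(1).split("."))


def fix_for_branch(version: str) -> Optional[str]:
    """Return the fixed release on the same major.minor branch, if the advisory lists one."""
    branch = parse_version(version)[:2]
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed)[:2] == branch:
            return fixed
    return None


def is_vulnerable(version: str) -> bool:
    """True when this version is inside the affected range and below its branch fix."""
    v = parse_version(version)
    if v < parse_version(FIRST_AFFECTED):
        return False
    fixed = fix_for_branch(version)
    if fixed is not None:
        return v < parse_version(fixed)
    # No fix on this branch: assumption that branches older than the newest fixed
    # branch (7.18) are affected and must move up, newer ones already carry the fix.
    newest_fixed_branch = max(parse_version(f)[:2] for f in FIXED_VERSIONS)
    return v[:2] < newest_fixed_branch


def recommended_upgrade(version: str) -> str:
    """Fixed release on the same branch if one exists, else the newest listed fix."""
    return fix_for_branch(version) or FIXED_VERSIONS[-1]


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[bool, str]]:
    """Map host -> version onto host -> (vulnerable?, upgrade target)."""
    return {host: (is_vulnerable(v), recommended_upgrade(v)) for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, (vuln, target) in triage({"wiki-a": "7.13.6", "wiki-b": "7.18.1", "wiki-c": "7.12.5"}).items():
        print(f"{host}: {'VULNERABLE' if vuln else 'ok'} (upgrade target {target})")
```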