Security Bulletin - Active Exploitation of Zero Day Present in Atlassian Confluence
Published Date: 07/06/2022
The purpose of this alert is to bring attention a CRITICAL vulnerability present in Atlassian Confluence implementations, known as CVE-2022-26134. Exploitation of this vulnerability results in unauthenticated Remote Code Execution (RCE) and escalated privileges. Active exploitation of this vulnerability is occurring in the wild.
On 2 June 2022, Atlassian issued a notification describing a critical vulnerability known as CVE-2022-26134 present in Atlassian Confluence Server and Data Centre. The notification indicates that this CVE is CRITICAL and that the vulnerability is under active exploitation.
CVE-2022-26134 allows for unauthenticated Remote Code Execution (RCE) on Atlassian Confluence Server and Data Centre implementations, which can result in malicious code being executed without the requirement for authentication.
This vulnerability grants Threat Actors the ability to install malicious software and webshells or perform other malicious actions.
It is understood that the vulnerability is present in the following versions of Atlassian Confluence and Data Centre:
All supported versions of Confluence Server and Data Centre are affected.
Confluence Server and Data Centre versions after 1.3.0 are affected.