Atlassian Confluence vulnerability

Published 3 June 2022, last updated June 8th, 2022. Categories: CERT, SOC, Vulnerability

This live blog contains information regarding the Atlassian Confluence vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on June 8, 2022.

Update June 8, 2022

16:00 | Updates are now available. The advice is to install them as soon as possible. If patching is not possible, Atlassian has described a number of additional mitigating measures.

Update June 3, 2022

13:00 | On the 2nd of June 2022, Atlassian released a security advisory regarding a new vulnerability in the Confluence Server and Data Center applications, referred to as CVE-2022-26134. The vulnerability is rated with a critical severity and allows an unauthenticated attacker to execute code remotely.

Atlassian warns that CVE-2022-26134 is actively being exploited. Currently there are no updates available, and it is advised to apply mitigative actions as described in the security advisory as soon as possible.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Potential risk

On the 2nd of June 2022, Atlassian released a security advisory regarding a new vulnerability in the Confluence Server and Data Center applications, referred to as CVE-2022-26134. This vulnerability allows an unauthenticated attacker to execute code remotely.

This vulnerability is rated as critical by Atlassian and implies a high risk of exploitation with high impact.

Detail info

Based on the Atlassian security advisory, all supported versions of Confluence Server and Confluence Data Center are affected. It is likely that all unsupported versions are affected as well, but this has yet to be confirmed by Atlassian.

Currently there is no patch available for CVE-2022-26134. In the absence of a patch, it is recommended to restrict access to Confluence Server and Data Center instances from the internet.

If you are unable to restrict access to the instances, it is advised to implement a Web Application Firewall (WAF) rule that blocks URLs containing the character sequence "${".
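The same indicator the WAF rule keys on, "${" in the request URL, can also be searched for in existing web-server access logs to see whether an instance was probed before the rule was in place. The script below is an added example (not Tesorion's or Atlassian's code): it scans constructed combined-format log lines and also checks percent-decoded forms of the path, which a rule matching only the literal "${" would miss.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [03/Jun/2022:10:15:01 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [03/Jun/2022:10:15:07 +0000] "GET /${placeholder}/ HTTP/1.1" 302 0 "-" "curl/7.68.0"
203.0.113.12 - - [03/Jun/2022:10:15:09 +0000] "GET /%24%7Bplaceholder%7D/ HTTP/1.1" 302 0 "-" "python-requests/2.27"
203.0.113.13 - - [03/Jun/2022:10:15:12 +0000] "GET /pages/viewpage.action?pageId=42 HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def is_suspicious_uri(uri: str) -> bool:
    """True if the URI contains '${', either literally or after URL-decoding.

    The check is repeated after decoding twice so that single- and
    double-percent-encoded variants (%24%7B, %2524%257B) are also caught.
    """
    candidates = {uri}
    decoded = uri
    for _ in range(2):
        decoded = unquote(decoded)
        candidates.add(decoded)
    return any("${" in c for c in candidates)


def scan_access_log(text: str) -> list[dict]:
    """Return one record per log line whose request URI carries the '${' indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious_uri(m["uri"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "uri": m["uri"], "status": m["status"]})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["status"]} {hit["uri"]}')
```

A hit only shows that the indicator was sent, not that the request succeeded; the response status and the Confluence application logs for the same timestamp are the next things to check.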

For more information, please refer to the Atlassian Security Advisory.
