Security Advisory: CVE-2022-26134 RCE in multiple Atlassian products - Lacework

Security Advisory: CVE-2022-26134 RCE in multiple Atlassian products

Lacework Labs

June 3, 2022

More flexibility and visibility with agentless coverage for workloadsZusammenfassung

On Jun 2nd  Lacework Labs was made aware of CVE-2022-26134, a critical unauthenticated remote code execution vulnerability within Atlassian’s Confluence Server and Data Center products. This vulnerability was originally discovered and reported to Atlassian by Volexity, during an incident response investigation. While Atlassian reported active exploitation in the wild, there is currently no publicly available exploit. 


At the time of this writing,
CVE-2022-26134 does not have an official CVSS rating, but is expected to be high due to the impact of the vulnerability. What makes this particular vulnerability further concerning is the lack of patch at this time of reporting. According to to Atlassian’s security advisory:

There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix.This advisory will be updated as additional details become available” – Atlassian

Lacework Labs is actively monitoring their sensor network for opportunistic attackers leveraging the vulnerability and integrating appropriate IoCs within the Lacework product. The image below shows the total public facing confluence servers discoverable via Shodan.

Confluence Coverage via Shodan

Known Effected Software

  • All supported versions of Confluence Server
  • All supported versions of Confluence Data Center

Remediation

Atlassian has released a fix for this vulnerability. Please follow Atlassian’s official security advisory listed here to patch vulnerable hosts.

Supporting Articles

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html 

 

For more content like this follow us on Twitter and LinkedIn!