June 6, 2022
Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild
Atlassian has released new Confluence ‘Server’ and ‘Data Center’ versions addressing a critical remote code execution vulnerability that has been exploited in the wild.
- CVE-2022-26134, Critical Severity – OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence ‘Server’ or ‘Data Center’ instance.
- Confluence ‘Server’ and ‘Data Center’:
  - Prior to version 7.4.17.
  - Prior to version 7.13.7.
  - Prior to version 7.14.3.
  - Prior to version 7.15.2.
  - Prior to version 7.16.4.
  - Prior to version 7.17.4.
  - Prior to version 7.18.1.
CYREBRO recommends updating relevant products to their latest available versions.
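The list above gives one fixed release per release line, so a version such as 7.13.7 is patched even though it is numerically lower than 7.18.1. The following is an added example, not code from the advisory or from Atlassian, that checks an inventory of instances against that list. The host names and inventory are constructed, and treating a release line with no listed fix as affected unless it is newer than 7.18.1 is an assumption.

```python
import re

# Fixed releases from the list above, keyed by (major, minor) release line.
FIXED = {
    (7, 4): (7, 4, 17),
    (7, 13): (7, 13, 7),
    (7, 14): (7, 14, 3),
    (7, 15): (7, 15, 2),
    (7, 16): (7, 16, 4),
    (7, 17): (7, 17, 4),
    (7, 18): (7, 18, 1),
}
NEWEST_FIX = max(FIXED.values())


def parse_version(text):
    """Turn '7.13.5' or '7.4' into a 3-tuple of ints; reject anything else."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def is_affected(version_text):
    """True if the version predates the fix for CVE-2022-26134."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        # Listed release line: compare against that line's own fixed build.
        return v < fixed
    # Assumption: a release line with no listed fix is affected unless it is
    # newer than the newest fixed release in the list.
    return v < NEWEST_FIX


def audit(inventory):
    """Return the hosts from {host: version} that still need the update."""
    return sorted(h for h, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"wiki-a": "7.13.7", "wiki-b": "7.13.5", "wiki-c": "7.12.5",
              "wiki-d": "7.18.1", "wiki-e": "7.17.3", "wiki-f": "7.4.17"}
    for host in audit(sample):
        print(f"{host}: update required ({sample[host]})")
```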
References: Confluence Advisory.