In its simplest form, an exploit abusing the vulnerability looks like this: curl -v Ībove, the exploit is URL-encoded. Any type of HTTP method appears to work, whether valid (GET, POST, PUT, etc) or invalid (e.g. The OGNL payload is placed in the URI of an HTTP request. The vulnerabilityĪs stated, the vulnerability is an OGNL injection vulnerability affecting the HTTP server. Organizations maintaining an internet-facing Confluence or Data Server may want to consider permanently moving access behind a VPN. Last year, Atlassian Confluence suffered from a different unauthenticated and remote OGNL injection, CVE-2021-26084. Given the nature of the vulnerability, internet-facing Confluence servers are at very high risk. Technical analysisĬVE-2022-26314 is an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server (typically the confluence user on Linux installations). If you are unable to mitigate the vulnerability for any version of Confluence, you should restrict or disable Confluence Server and Confluence Data Center instances immediately. Organizations should install patches OR apply the workaround on an emergency basis. Rapid7's Managed Detection and Response (MDR) team has observed an uptick of likely exploitation of CVE-2022-26134 in customer environments as of June 3.Īll supported versions of Confluence Server and Data Center are affected.Ītlassian updated their advisory on June 3 to reflect that it's likely that all versions (whether supported or not) of Confluence Server and Data Center are affected, but they have yet to confirm the earliest affected version. As of June 3, both patches and a temporary workaround are available.ĬVE-2022-26134 is being actively and widely exploited in the wild. The vulnerability was unpatched when it was published on June 2. On June 2, 2022, Atlassian published a security advisory for CVE-2022-26134, a critical unauthenticated remote code execution vulnerability in Confluence Server and Confluence Data Center.
0 kommentar(er)
