Issued: Sunday, 5 June 2022
Last Revision: Sunday, 5 June 2022
Vendor: Atlassian
Product: Confluence Server and Data Center
Severity Level: Critical
A flaw in Atlassian Confluence Server and Data Center has been disclosed that allows an unauthenticated attacker to execute arbitrary code.
Successful exploitation yields remote code execution in the context of the account that runs the Confluence Server or Data Center service. Depending on the privileges of that account, an attacker could then view, alter, or delete data.
This vulnerability is tracked as CVE-2022-26134 and is rated Critical.
The vulnerability is being actively exploited in the wild. Volexity, the security firm that reported it, developed a proof-of-concept exploit and concluded that it likely affects all current Confluence versions.
| CVE/Vulnerability | Description | Severity/Score |
|---|---|---|
| CVE-2022-26134 | Unauthenticated remote code execution vulnerability | Critical |

Table 1: Vulnerability details
| CVE/Vulnerability | Affected Product(s) | Fixed Version(s) |
|---|---|---|
| CVE-2022-26134 | All supported versions of Confluence Server and Data Center are affected; versions after 1.3.0 are affected. | 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 |

Table 2: Vulnerable versions
We recommend that impacted organizations upgrade immediately to one of the fixed versions listed in Table 2, preferably the latest Long Term Support release, to mitigate their risk.
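Because the fix was shipped per release branch (7.4.17 fixes the 7.4 line, 7.13.7 fixes the 7.13 line, and so on), a plain "is my version number higher than X" comparison gets the answer wrong for branches such as 7.5 through 7.12, which received no patched release at all. The following Python is an added example, not code from the advisory or from Atlassian, that encodes Table 2 and the "after 1.3.0" statement above into a branch-aware check and runs it over a constructed inventory. Assumptions, flagged in the comments: the version string format `MAJOR.MINOR.PATCH`, the hypothetical `assess` and `triage` helper names, the sample inventory, and the rule that any release newer than 7.18.1 (for example a later 7.19.x feature release) carries the fix.

```python
"""Branch-aware check of Confluence versions against the fixed releases in Table 2."""
import re

# Fixed releases listed in Table 2 of the advisory, one per release branch.
FIXED_VERSIONS = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]

# The advisory states that versions *after* 1.3.0 are affected.
LAST_UNAFFECTED = "1.3.0"


def parse_version(text):
    """Parse 'MAJOR.MINOR[.PATCH][-suffix]' into a comparable (major, minor, patch) tuple.

    Assumption: Confluence reports its version in this dotted form (e.g. '7.13.6').
    """
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.].*)?", text.strip())
    if not match:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


# Map each release branch (major, minor) to the first fixed build on that branch.
FIXED_BY_BRANCH = {parse_version(v)[:2]: parse_version(v) for v in FIXED_VERSIONS}
NEWEST_FIX = max(FIXED_BY_BRANCH.values())


def assess(version):
    """Classify one version as 'vulnerable', 'fixed', or 'not-listed'.

    'not-listed' covers 1.3.0 and earlier, which the advisory does not place in the
    affected range; it is not a statement that those builds are safe.
    """
    v = parse_version(version)
    if v <= parse_version(LAST_UNAFFECTED):
        return "not-listed"
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        # Same branch as a fixed release: compare against that branch's fix.
        return "fixed" if v >= FIXED_BY_BRANCH[branch] else "vulnerable"
    # Branch with no fixed release in Table 2 (e.g. 7.5 to 7.12, or anything before 7.4).
    # Assumption: releases newer than the newest fix (7.18.1) include the fix.
    return "fixed" if v > NEWEST_FIX else "vulnerable"


def triage(inventory):
    """Return {hostname: version} for every host that still needs an upgrade."""
    return {host: ver for host, ver in inventory.items() if assess(ver) == "vulnerable"}


# Constructed sample inventory for illustration; not real hosts.
SAMPLE_INVENTORY = {
    "wiki-prod-01": "7.13.6",   # 7.13 branch, below 7.13.7 -> vulnerable
    "wiki-prod-02": "7.13.7",   # exactly the fixed build -> fixed
    "wiki-legacy":  "7.12.5",   # branch with no fixed release -> vulnerable
    "wiki-lts":     "7.4.17",   # fixed LTS build -> fixed
    "wiki-new":     "7.18.0",   # one below the newest fix -> vulnerable
}

if __name__ == "__main__":
    for host, version in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {version} needs upgrade (see Table 2)")
```

The check is deliberately conservative: a host on a branch without a listed fix is reported as vulnerable even if it is newer than some fixed builds on other branches, because the only remediation the advisory offers for such hosts is moving to a fixed version.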
