
Atlassian Confluence critical 0-day: Company recommends disabling app


Atlassian has issued a warning for a zero-day vulnerability in their team collaboration tool, Confluence, which could trigger unauthenticated remote code execution.

Tracked as CVE-2022-26134, the vulnerability currently remains unfixed.

Atlassian has advised restricting internet access to Confluence Server and Data Center instances, or disabling them outright. Those who cannot do that can implement a Web Application Firewall rule that blocks URLs containing ${, which may reduce the risk.
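As an added example (not from the article, Atlassian or Volexity), the same ${ criterion applied retrospectively to web server access logs: the request target is URL-decoded before matching so that percent-encoded forms are caught as well as the literal characters. The log lines are constructed, and the combined-log-format parser is an assumption about the log layout.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [03/Jun/2022:10:15:01 +0000] "GET /login.action HTTP/1.1" 200 5120
203.0.113.11 - - [03/Jun/2022:10:15:07 +0000] "GET /%24%7Btest%7D/ HTTP/1.1" 302 0
203.0.113.12 - - [03/Jun/2022:10:15:09 +0000] "GET /${test}/ HTTP/1.1" 302 0
203.0.113.13 - - [03/Jun/2022:10:15:12 +0000] "POST /rest/api/content HTTP/1.1" 200 812
"""

# Source address, timestamp, method and request target from a combined-log line.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)'
)


def contains_expression_marker(target: str) -> bool:
    """True if the request target contains '${' literally or percent-encoded.

    The raw string, a single decode and a double decode are all checked, so
    %24%7B and %2524%257B are treated the same as the literal characters.
    """
    candidates = {target, unquote(target), unquote(unquote(target))}
    return any("${" in c for c in candidates)


def flag_suspicious_requests(log_text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose request target carries the marker."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guessing
        if contains_expression_marker(m.group("target")):
            hits.append({"src": m.group("src"), "ts": m.group("ts"),
                         "method": m.group("method"), "target": m.group("target")})
    return hits


if __name__ == "__main__":
    for hit in flag_suspicious_requests(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src"]} {hit["method"]} {hit["target"]}')
```

A WAF rule that only inspects the raw URL misses the encoded forms; match on the decoded path as this check does, and treat any hit in logs predating a patch as grounds for a closer look at the host.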

According to the Australia-based software company, security fixes for the vulnerability should be available in 24 hours. The company also mentions that Confluence sites accessed via Atlassian Cloud (atlassian.net) are not affected.

“Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. There are currently no fixed versions of Confluence Server and Data Center available,” Atlassian warns in the security advisory.

The vulnerability was found by cybersecurity firm Volexity, which reported it to Atlassian on May 31, 2022.

Cloudflare says that its customers are protected from the Atlassian Confluence vulnerability.

“No patch is available yet but Cloudflare customers using either WAF or Access are already protected. Our own Confluence nodes are protected by both WAF and Access, and at the time of writing, we have found no evidence that our Confluence instance was exploited,” Cloudflare explained.


“Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk,” Volexity said in its analysis of the vulnerability. “After a thorough review of the collected data, Volexity was able to determine the server compromise stemmed from an attacker launching an exploit to achieve remote code execution. Volexity was subsequently able to recreate that exploit and identify a zero-day vulnerability impacting fully up-to-date versions of Confluence Server.”



Prayank

Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals. Contact Prayank via email: prayank@pm.me
