Atlassian’s Confluence Server Vulnerability

Confluence Server Vulnerability

Atlassian’s Confluence Server and Data Center are affected by a new zero-day vulnerability. As a precaution, users should prevent access to their Confluence servers over the internet. In addition, users should disable their Confluence instances. A firewall may reduce the risk of an attack. The company expects to release a fix for this issue by Friday, June 3. The vulnerability was discovered by Volexity during an incident response investigation. Volexity reported the vulnerability to Atlassian on May 31.

The Atlassian security advisory tracks the Confluence server vulnerability as CVE-2022-26134. This vulnerability is critical because it allows threat actors to access confidential information and compromise systems. If a threat actor manages to compromise a Confluence server, they could publicly share documents and demand a ransom to unlock them. However, these threats are relatively easy to mitigate. As a result, the company has released mitigations for this vulnerability.

This vulnerability affects both Confluence Server and Confluence Data Center. Atlassian has released an updated version of both. The vulnerability affects earlier versions of the software, but it has not been exploited in production. If you use this product, you should upgrade immediately to avoid the risk of an attack. To protect your company, implement a WAF and install the update as soon as possible. In the meantime, you should apply Atlassian’s recommended patches and mitigations.
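
While the update is being rolled out, access logs can be reviewed for the pattern that Atlassian’s advisory suggested blocking at a WAF: URLs containing `${`. The Python script below is an added example, not code from Atlassian or Volexity; the access-log format, the function names and the sample lines (documentation IP addresses, a placeholder expression) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined-style access log: "METHOD target HTTP/x.y"
# (assumed format; adjust to the proxy or Tomcat valve actually in use).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MARKER = "${"          # URL pattern named in the vendor's WAF guidance
MAX_DECODE_ROUNDS = 3  # bound on repeated decoding of nested percent-encoding


def fully_decode(target: str) -> str:
    """Percent-decode repeatedly so %24%7B and %2524%257B both become '${'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def suspicious_requests(lines):
    """Return (client_ip, method, decoded_target) for requests containing '${'."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line; skip rather than guess
        decoded = fully_decode(m.group("target"))
        if MARKER in decoded:
            hits.append((line.split(" ", 1)[0], m.group("method"), decoded))
    return hits


# Constructed sample lines, not taken from any real incident.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jun/2022:10:00:01 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Jun/2022:10:00:05 +0000] "GET /%24%7Bexample%7D/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [03/Jun/2022:10:00:09 +0000] "GET /%2524%257Bexample%257D/ HTTP/1.1" 302 0',
    '198.51.100.7 - - [03/Jun/2022:10:00:12 +0000] "GET /pages/viewpage.action?pageId=42 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, method, target in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {method} {target}")
```

A hit shows that a matching request reached the server, not that it succeeded, so matching hosts still need the follow-up investigation and the update.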

Atlassian Confluence is a wiki-style collaboration platform. Confluence helps teams share knowledge and collaborate on projects. It is available as an on-premises version and self-managed enterprise edition. The security advisory recommends upgrading to the latest version to avoid the risk. The patch will resolve the vulnerability. The latest versions of Confluence will address the issue. In the meantime, it is important to update your servers to patch any vulnerability, especially CVE-2022-26134.

The Volexity team notified Atlassian of the vulnerability prior to its publication. The exploit allows bad actors to execute arbitrary code by injecting a malicious file into the server’s memory. It is also possible for an attacker to upload arbitrary files onto the Confluence server. The exploit was shared on the internet. The vulnerability sparked a spate of exploit kits and a large number of websites dedicated to exposing vulnerabilities in Atlassian products.

Volexity discovered CVE-2022-26134 over Memorial Day weekend. It found that the vulnerability existed on two internet-facing Confluence servers. The exploit used an in-memory webshell known as Behinder. It also allows attackers to perform reconnaissance, dump user tables, and exploit the system. The exploit allows a remote attacker to take control of the Confluence server. If the attacker manages to gain access, the attacker will be able to access the rest of the website.

Cyber threat actors are exploiting CVE-2022-26134 in the Atlassian Confluence server. Once an attacker has access to a victim’s Confluence website, they can exploit it to install a web shell. Volexity and Atlassian are coordinating to release a patch for this vulnerability. The mitigations listed above may be sufficient until the problem is resolved. But until then, organizations should take care to ensure their systems are updated with the latest version of Confluence.