Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Further details about the vulnerability are being withheld until a fix is available.
We expect that security fixes for supported versions of Confluence will begin to be available for customer download within 24 hours (estimated time, by EOD June 3 PDT).
There are currently no fixed versions of Confluence Server and Data Center available. In the interim, customers should work with their security team to consider the best course of action. Options to consider include:
This advisory will be updated as fixes become available.
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
| Summary | CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center |
| Advisory Release Date | 02 Jun 2022 1 PM PDT (Pacific Time, -7 hours) |
| Affected Products | |
| Affected Versions | This advisory will be updated as additional details become available. |
| Fixed Versions | There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix. This advisory will be updated as additional details become available. |
| CVE ID(s) | |