Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability
*Information from Atlassian*
Summary of Vulnerability
Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Further details about the vulnerability are being withheld until a fix is available.
We expect that security fixes for supported versions of Confluence will begin to be available for customer download within 24 hours (estimated time, by EOD June 3 PDT).
What You Need to Do
There are currently no fixed versions of Confluence Server and Data Center available. In the interim, customers should work with their security team to consider the best course of action. Options to consider include:
- Restricting access to Confluence Server and Data Center instances from the internet.
- Disabling Confluence Server and Data Center instances.
This advisory will be updated as fixes become available.
Additional Information
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
| Summary | CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center |
| --- | --- |
| Advisory Release Date | 02 Jun 2022 1 PM PDT (Pacific Time, -7 hours) |
| Affected Products | |
| Affected Versions | This advisory will be updated as additional details become available. |
| Fixed Versions | There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix. This advisory will be updated as additional details become available. |
| CVE ID(s) | |