Alert Logic is actively researching an unauthenticated remote code execution (RCE) vulnerability in Atlassian Confluence – CVE-2022-26134. At this time, details about the vulnerability are limited, but Atlassian has announced it is a critical severity and is actively being exploited.
Who is affected?
All customers running a supported version of Confluence Server and Data Center are affected. It is likely that previous versions are affected as well. Confluence Cloud is not affected by this vulnerability.
What can I do?
Atlassian recommends that you upgrade to the latest Long Term Support release. A fix has been released in the following versions - 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1.
If you are unable to upgrade Confluence immediately, a temporary workaround is available. For details on the workaround and additional vulnerability details, refer to the official Atlassian vulnerability disclosure page.
How is Alert Logic helping me?
Network IDS: Due to similarities with previous CVEs, existing IDS signatures allow Alert Logic to detect the currently known exploit attempts for this vulnerability. Additionally, Alert Logic has released a specific signature for this CVE.
Vulnerability Scanning: Alert Logic released scan coverage on June 3, 2022, by 17:30 CST to identify this vulnerability. An unauthenticated scan performed after this release will check for the version of Atlassian Confluence, and an exposure will be raised for CVE-2022-26134 if a vulnerable version is found.
Log Management: Alert Logic has deployed initial telemetry analytics to aid in detection research.
Web Application Firewall: At this time, it is not expected that WAF is appropriate for this threat; however, Alert Logic will continue this assessment.
Alert Logic appliances and infrastructure are not affected by this vulnerability.
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.
06/04/2022: Atlassian released a fix in several versions of Confluence. Additionally, Alert Logic has released scan coverage and IDS signatures to detect vulnerable versions and exploit attempts.