PT-2021-7092 · Atlassian · Confluence

Published: 2021-03-06 · Updated: 2025-12-30 · CVE-2022-26134

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
  Atlassian Confluence Server and Data Center versions prior to 7.4.17
  Atlassian Confluence Server and Data Center versions 7.13.0 through 7.13.6
  Atlassian Confluence Server and Data Center versions 7.14.0 through 7.14.2
  Atlassian Confluence Server and Data Center versions 7.15.0 through 7.15.1
  Atlassian Confluence Server and Data Center versions 7.16.0 through 7.16.3
  Atlassian Confluence Server and Data Center versions 7.17.0 through 7.17.3
  Atlassian Confluence Server and Data Center version 7.18.0
Description:
The issue is an OGNL injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. It has been exploited in real-world incidents: attackers deployed cryptocurrency mining malware and web shells, such as BEHINDER, on compromised servers. The number of potentially affected devices worldwide is not specified, but at least 211 unique IP addresses have been identified as exploiting this vulnerability.

Recommendations:
  For versions prior to 7.4.17, update to version 7.4.17 or later.
  For versions 7.13.0 through 7.13.6, update to version 7.13.7 or later.
  For versions 7.14.0 through 7.14.2, update to version 7.14.3 or later.
  For versions 7.15.0 through 7.15.1, update to version 7.15.2 or later.
  For versions 7.16.0 through 7.16.3, update to version 7.16.4 or later.
  For versions 7.17.0 through 7.17.3, update to version 7.17.4 or later.
  For version 7.18.0, update to version 7.18.1 or later.
As a temporary workaround, consider restricting access to the service from the Internet, shutting down Confluence, or blocking URLs containing ${ to reduce the risk.
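The affected ranges and fixed versions above map cleanly onto one rule: every affected range ends exactly where its fixed version begins, so a version is affected if it is at or above the range's lower bound and below the fix. The following checker, added here as an example and not part of this record or of any Atlassian tooling, encodes the ranges listed on this page and reports, for an inventory of Confluence versions, which hosts need an upgrade and to what version. The function names, the `triage` helper and the sample inventory are this example's own; a result of None means only that the version is not in a range listed on this record, not that it is known safe.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '7.13.6' into (7, 13, 6); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    # Pad to three components so '7.18' compares like '7.18.0'.
    return parts + (0,) * (3 - len(parts))


# (lower bound inclusive or None, fixed version), copied from the record above.
# A version v is affected iff low <= v < fix; None is the open-ended
# "prior to 7.4.17" range.
AFFECTED_RANGES = [
    (None, "7.4.17"),
    ("7.13.0", "7.13.7"),
    ("7.14.0", "7.14.3"),
    ("7.15.0", "7.15.2"),
    ("7.16.0", "7.16.4"),
    ("7.17.0", "7.17.4"),
    ("7.18.0", "7.18.1"),
]


def fix_version_for(version: str) -> Optional[str]:
    """Return the version to upgrade to if `version` is in a listed affected range.

    None means "not in any range listed on this record", not "known safe".
    """
    v = parse_version(version)
    for low, fix in AFFECTED_RANGES:
        if (low is None or v >= parse_version(low)) and v < parse_version(fix):
            return fix
    return None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> fix version for every host running a listed affected version."""
    result = {}
    for host, ver in inventory.items():
        fix = fix_version_for(ver)
        if fix is not None:
            result[host] = fix
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {
        "wiki-a": "7.4.9",
        "wiki-b": "7.13.6",
        "wiki-c": "7.13.7",
        "wiki-d": "7.18.0",
        "wiki-e": "7.17.4",
    }
    for host, fix in triage(sample).items():
        print(f"{host}: running {sample[host]}, update to {fix} or later")
```

Feed it the version strings from your asset inventory rather than typing them by hand; the upgrade target it returns is the first fixed release of the same line named in the recommendations.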

Tags: Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers:
  BDU:2022-03284
  CVE-2022-26134

Affected Products:
  Confluence