PT-2022-6598 · Atlassian+8 · Confluence+8

Published: 2022-02-06 · Updated: 2026-06-04 · CVE-2022-3517

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

minimatch versions 7.19.0 and earlier
Confluence Data Center versions prior to 9.1.0

Description

The minimatch package is vulnerable to Regular Expression Denial of Service (ReDoS) when the braceExpand function is called with specific arguments. A remote attacker can exploit this flaw to cause a denial of service. The issue has a high impact on availability and requires no user interaction.

Recommendations

For minimatch versions 7.19.0 and earlier, consider disabling the braceExpand function as a temporary workaround until a patch is available. For Confluence Data Center versions prior to 9.1.0, upgrade to version 9.1.0 or later to resolve the issue.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2022:8832
ALSA-2022:8833
ALSA-2022:9073
ALSA-2023:0050
ALSA-2023:0321
ALSA-2023:1743
AZL-44451
AZL-44946
BDU:2023-02699
CESA-2022_8833
CESA-2022_9073
CESA-2023_0050
CESA-2023_1743
CVE-2022-3517
DLA-3271-1
GHSA-F8Q6-P94X-37V3
MGASA-2025-0194
OESA-2022-2028
RHSA-2022:8832
RHSA-2022:8833
RHSA-2022:9073
RHSA-2022_8832
RHSA-2022_8833
RHSA-2022_9073
RHSA-2023:0050
RHSA-2023:0321
RHSA-2023:0612
RHSA-2023:1533
RHSA-2023:1742
RHSA-2023:1743
RHSA-2023_0050
RHSA-2023_0321
RHSA-2023_1743
RLSA-2022:8832
RLSA-2022:8833
RLSA-2022:9073
RLSA-2023:0050
RLSA-2023:0321
RLSA-2023:1743
USN-6086-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Confluence
Linux Mint
Red Hat
RED OS
Rocky Linux
Ubuntu