Active Exploitation of Confluence CVE-2022-26134 by Rapid7 | PT SWARM

Active Exploitation of Confluence CVE-2022-26134

by Rapid7

On June 2, 2022, Atlassian published a security advisory for CVE-2022-26134, a critical unauthenticated remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability was unpatched when it was published on June 2. As of June 3, both patches and a temporary workaround are available.
CVE-2022-26314 is an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server (typically the confluence user on Linux installations). Given the nature of the vulnerability, internet-facing Confluence servers are at very high risk.

Contents:
• Technical analysis
•• The vulnerability
•• Root cause
•• The patch
•• Payloads
• Mitigation guidance

https://www.rapid7.com/ja/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/

PT SWARM

🎅 2.98K
Technologies

Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...

Join
▲ Vote (1)

Active Exploitation of Confluence CVE-2022-26134 by Rapid7 | PT SWARM

Login