Threat Advisory

Atlassian Zero-day Vulnerability

June 7, 2022 | By Accorian

A critical remote code execution vulnerability was discovered in Atlassian’s Confluence Server and Data Center products. The vulnerability has been assigned CVE-2022-26134 and is being actively exploited in the wild. All supported versions of Confluence Server and Data Center are affected, and it is expected that all versions of the product are potentially vulnerable. A successful attack allows an unauthenticated attacker to gain remote code execution on the unpatched server.

CVE-2022-26134 was discovered by the cybersecurity firm Volexity. Volexity also found that the zero-day vulnerability was used to install a BEHINDER JSP web shell, allowing the attackers to execute commands remotely on the vulnerable server. Along with the BEHINDER web shell, they also deployed the China Chopper web shell and a simple file upload tool as a backup mechanism for maintaining access to the compromised server.

On Friday, June 3, Atlassian released patches that address the vulnerability. The patched versions are 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1. If upgrading immediately is not feasible, Atlassian has advised customers to restrict internet access to Confluence Server and Data Center instances or to disable the instances altogether. Atlassian has also urged customers to implement a web application firewall (WAF) rule that blocks URLs containing “${” to reduce the risk.
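As an added example (not code from the advisory or from Atlassian), the following Python checks a Confluence version against the patched releases listed above and scans access-log lines for the “${” pattern that the suggested WAF rule targets, percent-decoding each URL first so that encoded forms of the same string are not missed by a literal match. The log lines, IP addresses and function names are constructed for the example.

```python
import re
from urllib.parse import unquote

# Fixed releases from the advisory; anything older in the same 7.x branch is unpatched.
PATCHED_VERSIONS = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]


def _parse(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


def is_patched(version: str) -> bool:
    """True if this Confluence version is at or above the fix for its minor branch."""
    v = _parse(version)
    fixed = [_parse(f) for f in PATCHED_VERSIONS]
    for f in fixed:
        if v[:2] == f[:2]:
            return v >= f
    # Assumption: branches newer than the last fixed one (7.18) ship with the fix;
    # older or unlisted branches are treated as unpatched and must be upgraded.
    return v[:2] > max(fixed)[:2]


# Constructed sample access-log lines (not real traffic): a benign page view and a
# percent-encoded request that decodes to a URL containing "${".
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jun/2022:10:01:02 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 512
10.0.0.9 - - [07/Jun/2022:10:01:07 +0000] "GET /%24%7Btest%7D/ HTTP/1.1" 302 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')


def fully_decode(url: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded input is normalised too."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def suspicious_requests(log_text: str) -> list:
    """Return (source_ip, decoded_url) for every request whose URL contains "${"."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        decoded = fully_decode(match.group("url"))
        if "${" in decoded:
            hits.append((line.split()[0], decoded))
    return hits
```

A WAF rule that matches only the literal two characters will not catch the encoded request above, so the same decoding step belongs in the rule or in the log review.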

Accorian recommends ensuring that the latest patches have been installed along with the workarounds released by Atlassian. 

Accorian can help identify such vulnerabilities in your environment. Simply reply to this email and one of our team members will get in touch with you.

Source: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html 
