CVE-2022-26134

Description from NVD

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Information Acquisition Date:2022-09-26T05:12Z
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://jira.atlassian.com/browse/CONFSERVER-79016
     source:MISC
     tags:Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
     source:MISC
     tags:

This vulnerability may involve a PoC.

Description from Forti

Atlassian Confluence Remote Code Execution via OGNL Injection

Information Acquisition Date:2022/06/10

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URLNum of Times Referred to
https://cvetrends.com51
https://lists.astaro.com/ASGV9-IPS-rules.html#033
https://medium.com30
http://twinybots.ch14
http://cyberiqs.com/latestnews11
https://www.splunk.com/en_us/blog/security/atlassian-conflu...9
https://ift.tt/Nqwcbni8
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/0...8
https://blog.cloudflare.com/cloudflare-customers-are-protec...8
https://www.vulnmachines.com8
https://wiki7
https://sysdig.com/blog/cve-2022-26134-atlassian-confluence7
https://thehackernews.com/2022/06/hackers-exploiting-unpatc...7
http://www.kitploit.com/2022/06/confluencepot-simple-honeyp...6
https://unit42.paloaltonetworks.com/cve-2022-26134-atlassia...6
https://bugalert.org/content/notices/2022-06-02-confluence....5
https://blog.aquasec.com/8220-gang-confluence-vulnerability...5
https://www.greynoise.io/blog/observed-in-the-wild-atlassia...5
https://www.jpcert.or.jp/at/2022/at220015.html5
https://www.trendmicro.com/en_us/research/22/i/atlassian-co...5
https://noticiasseguridad.com/vulnerabilidades/cve-2022-261...5
https://securityboulevard.com/2022/06/imperva-customers-are...5
https://bit.ly/3Qul9ky4
https://blog.trendmicro.co.jp/archives/314314
https://packetstormsecurity.com/files/1674314
https://www.helpnetsecurity.com/2022/06/03/cve-2022-261344
https://www.bleepingcomputer.com/news/security/exploit-rele...4
http://t.me/gobies3
https://github.com/offlinehoster/CVE-2022-261343
http://go.usa.gov/xJWGw3
https://opsmtrs.com/326Reu83
https://twitter.com/hackinglz/status/15324809053353451523
https://news24.c1.is/2023/01/07/severe-confluence-vulnerabi...3
https://tryhackme.com/room/cve2022261343
https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rap...3
https://www.rapid7.com/blog/post/2022/06/02/active-exploita...3
https://blog.qualys.com/vulnerabilities-threat-research/202...3
https://tweetedtimes.com/WestShoreInvest?s=tnp3
https://us-cert.cisa.gov/ncas/current-activity/2022/06/02/a...3
https://viz.greynoise.io/tag/atlassian-confluence-server-cv...3
https://www.cibertip.com/virus/nuevo-malware-de-ta8220-infe...3
https://www.lacework.com/blog/kinsing-dark-iot-botnet-among...3
https://www.tarlogic.com/blog/cve-2022-26134-zero-day-vulne...3
https://www.volexity.com/blog/2022/06/02/zero-day-exploitat...3
https://www.hackerone.com/application-security/severe-confl...3
https://www.pwndefend.com/2022/06/03/cve-2022-26134-conflue...3
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-...3
https://blog.barracuda.com/2022/06/09/atlassian-confluence-...3
https://securityaffairs.co/wordpress/131909/hacking/atlassi...3
https://news.ycombinator.com/item?id=316528893
https://www.securityweek.com/atlassian-patches-confluence-z...3
https://polarisec.substack.com/p/all-polaris-customers-are-...3
https://community.atlassian.com/t5/Enterprise-articles/Are-...3
https://research.trendmicro.com/3UsdLbn3
https://securityforeveryone.com/tools/confluence-remote-cod...3
https://www.itsecuritynews.info/cisa-adds-one-known-exploit...3
https://confluence.atlassian.com/doc/confluence-security-ad...3
https://ipssignatures.appspot.com/?cve=CVE-2022-261343

Information from Twitter

User URL Info Source Date
Prohacktiv3 https://github.com/wjlin0/CVE-2022-26134 Source Prohacktiv3      1607279773193232385 2022/12/26
Prohacktiv3 https://twitter.com/Prohacktiv3/status/1607279773193232385/... Source Prohacktiv3      1607279773193232385 2022/12/26
Saad10886950 https://news24.c1.is/2023/01/07/severe-confluence-vulnerabi... Source Saad10886950     1611533154392629248 2023/01/07
Talha25891968 https://news24.c1.is/2023/01/07/severe-confluence-vulnerabi... Source Talha25891968    1611533169127292929 2023/01/07
ZohaibJ74981429 https://news24.c1.is/2023/01/07/severe-confluence-vulnerabi... Source ZohaibJ74981429 1611533182876237826 2023/01/07
sheikhrishad0 https://twitter.com/sheikhrishad0/status/161637395573624422... Source sheikhrishad0    1616373955736244225 2023/01/20
RutledgeMarlena https://bugalert.org/content/notices/2022-06-02-confluence.... Source RutledgeMarlena 1619640051922800641 2023/01/29

List of frequently cited URLs

URLNum of Times Referred to
cvetrends.com51
lists.astaro.com33
medium.com30
twinybots.ch14
cyberiqs.com11
www.splunk.com9
ift.tt8
www.cisa.gov8
blog.cloudflare.com8
www.vulnmachines.com8
wiki7
sysdig.com7
thehackernews.com7
www.kitploit.com6
unit42.paloaltonetworks.com6
bugalert.org5
blog.aquasec.com5
www.greynoise.io5
www.jpcert.or.jp5
www.trendmicro.com5
noticiasseguridad.com5
securityboulevard.com5
bit.ly4
blog.trendmicro.co.jp4
packetstormsecurity.com4
www.helpnetsecurity.com4
www.bleepingcomputer.com4
t.me3
github.com3
go.usa.gov3
opsmtrs.com3
twitter.com3
news24.c1.is3
tryhackme.com3
attackerkb.com3
www.rapid7.com3
blog.qualys.com3
tweetedtimes.com3
us-cert.cisa.gov3
viz.greynoise.io3
www.cibertip.com3
www.lacework.com3
www.tarlogic.com3
www.volexity.com3
www.hackerone.com3
www.pwndefend.com3
www.trustwave.com3
blog.barracuda.com3
securityaffairs.co3
news.ycombinator.com3
www.securityweek.com3
polarisec.substack.com3
community.atlassian.com3
research.trendmicro.com3
securityforeveryone.com3
www.itsecuritynews.info3
confluence.atlassian.com3
ipssignatures.appspot.com3

Information from Twitter

User URL Info Source
Prohacktiv3 github.com Show Tweet
Prohacktiv3 twitter.com Show Tweet
Saad10886950 news24.c1.is Show Tweet
Talha25891968 news24.c1.is Show Tweet
ZohaibJ74981429 news24.c1.is Show Tweet
sheikhrishad0 twitter.com Show Tweet
RutledgeMarlena bugalert.org Show Tweet
GitHub Search Results: Up to 10
NameURL
Nwqda/CVE-2022-26134 https://github.com/Nwqda/CVE-2022-26134
BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
jbaines-r7/through_the_wire https://github.com/jbaines-r7/through_the_wire
0x14dli/cve2022-26134exp https://github.com/0x14dli/cve2022-26134exp
h3v0x/CVE-2022-26134 https://github.com/h3v0x/CVE-2022-26134
SNCKER/CVE-2022-26134 https://github.com/SNCKER/CVE-2022-26134
SIFalcon/confluencePot https://github.com/SIFalcon/confluencePot
nxtexploit/CVE-2022-26134 https://github.com/nxtexploit/CVE-2022-26134
W01fh4cker/Serein https://github.com/W01fh4cker/Serein
iveresk/cve-2022-26134 https://github.com/iveresk/cve-2022-26134
GitHub Search Results: Up to 10
NameURL
Nwqda/CVE-2022-26134 github.com
BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL github.com
jbaines-r7/through_the_wire github.com
0x14dli/cve2022-26134exp github.com
h3v0x/CVE-2022-26134 github.com
SNCKER/CVE-2022-26134 github.com
SIFalcon/confluencePot github.com
nxtexploit/CVE-2022-26134 github.com
W01fh4cker/Serein github.com
iveresk/cve-2022-26134 github.com
2023/02/01 Score : 0
Added Har-sia Database : 2022/06/03
Last Modified : 2023/02/01
Highest Scored Date : 2022/06/04
Highest Score : 403