CVE-2022-26134

Description from NVD

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Information Acquisition Date:2022-09-26T05:12Z
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://jira.atlassian.com/browse/CONFSERVER-79016
     source:MISC
     tags:Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
     source:MISC
     tags:

This vulnerability may involve a PoC.

Description from Forti

Atlassian Confluence Remote Code Execution via OGNL Injection

Information Acquisition Date:2022/06/10

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Java(1 tweets) Linux(1 tweets) VMware(2 tweets) Windows(3 tweets)



List of frequently cited URLs

URLNum of Times Referred to
https://cvetrends.com51
https://lists.astaro.com/ASGV9-IPS-rules.html#033
https://medium.com20
http://twinybots.ch14
http://cyberiqs.com/latestnews11
https://www.splunk.com/en_us/blog/security/atlassian-conflu...9
https://ift.tt/Nqwcbni8
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/0...8
https://blog.cloudflare.com/cloudflare-customers-are-protec...8
https://www.vulnmachines.com8
https://wiki7
https://sysdig.com/blog/cve-2022-26134-atlassian-confluence7
https://thehackernews.com/2022/06/hackers-exploiting-unpatc...7
http://www.kitploit.com/2022/06/confluencepot-simple-honeyp...6
https://unit42.paloaltonetworks.com/cve-2022-26134-atlassia...6
https://bugalert.org/content/notices/2022-06-02-confluence....5
https://blog.aquasec.com/8220-gang-confluence-vulnerability...5
https://www.greynoise.io/blog/observed-in-the-wild-atlassia...5
https://www.jpcert.or.jp/at/2022/at220015.html5
https://www.trendmicro.com/en_us/research/22/i/atlassian-co...5
https://noticiasseguridad.com/vulnerabilidades/cve-2022-261...5
https://securityboulevard.com/2022/06/imperva-customers-are...5
https://bit.ly/3Qul9ky4
https://blog.trendmicro.co.jp/archives/314314
https://packetstormsecurity.com/files/1674314
https://www.helpnetsecurity.com/2022/06/03/cve-2022-261344
https://www.bleepingcomputer.com/news/security/exploit-rele...4
http://t.me/gobies3
https://github.com/offlinehoster/CVE-2022-261343
http://go.usa.gov/xJWGw3
https://opsmtrs.com/326Reu83
https://twitter.com/hackinglz/status/15324809053353451523
https://news24.c1.is/2023/01/07/severe-confluence-vulnerabi...3
https://tryhackme.com/room/cve2022261343
https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rap...3
https://www.rapid7.com/blog/post/2022/06/02/active-exploita...3
https://blog.qualys.com/vulnerabilities-threat-research/202...3
https://tweetedtimes.com/WestShoreInvest?s=tnp3
https://us-cert.cisa.gov/ncas/current-activity/2022/06/02/a...3
https://viz.greynoise.io/tag/atlassian-confluence-server-cv...3
https://www.cibertip.com/virus/nuevo-malware-de-ta8220-infe...3
https://www.lacework.com/blog/kinsing-dark-iot-botnet-among...3
https://www.tarlogic.com/blog/cve-2022-26134-zero-day-vulne...3
https://www.volexity.com/blog/2022/06/02/zero-day-exploitat...3
https://www.hackerone.com/application-security/severe-confl...3
https://www.pwndefend.com/2022/06/03/cve-2022-26134-conflue...3
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-...3
https://blog.barracuda.com/2022/06/09/atlassian-confluence-...3
https://securityaffairs.co/wordpress/131909/hacking/atlassi...3
https://news.ycombinator.com/item?id=316528893
https://www.securityweek.com/atlassian-patches-confluence-z...3
https://polarisec.substack.com/p/all-polaris-customers-are-...3
https://community.atlassian.com/t5/Enterprise-articles/Are-...3
https://research.trendmicro.com/3UsdLbn3
https://securityforeveryone.com/tools/confluence-remote-cod...3
https://www.itsecuritynews.info/cisa-adds-one-known-exploit...3
https://confluence.atlassian.com/doc/confluence-security-ad...3
https://ipssignatures.appspot.com/?cve=CVE-2022-261343

Information from Twitter

User URL Info Source Date
ds_bryan https://bit.ly/3EOf3qT Source ds_bryan         1631634258082013184 2023/03/03
ds_bryan https://twitter.com/ds_bryan/status/1631634258082013184/pho... Source ds_bryan         1631634258082013184 2023/03/03
msxfaq https://www.msxfaq.de/windows/confluence_cve_2022_26134.htm Source msxfaq           1635638402669240322 2023/03/14
ipssignatures https://twitter.com/Vulnmachines/status/1553019717798936576 Source ipssignatures    1640565881137758209 2023/03/28
jojoginta https://medium.com Source jojoginta        1640678627158392832 2023/03/28
__kokumoto https://www.securityweek.com/most-weaponized-vulnerabilitie... Source __kokumoto       1641088615957815296 2023/03/29
netsecu https://www.seqrite.com/blog/cve-2022-26134-actively-exploi... Source netsecu          1646679148780216320 2023/04/14

List of frequently cited URLs

URLNum of Times Referred to
cvetrends.com51
lists.astaro.com33
medium.com20
twinybots.ch14
cyberiqs.com11
www.splunk.com9
ift.tt8
www.cisa.gov8
blog.cloudflare.com8
www.vulnmachines.com8
wiki7
sysdig.com7
thehackernews.com7
www.kitploit.com6
unit42.paloaltonetworks.com6
bugalert.org5
blog.aquasec.com5
www.greynoise.io5
www.jpcert.or.jp5
www.trendmicro.com5
noticiasseguridad.com5
securityboulevard.com5
bit.ly4
blog.trendmicro.co.jp4
packetstormsecurity.com4
www.helpnetsecurity.com4
www.bleepingcomputer.com4
t.me3
github.com3
go.usa.gov3
opsmtrs.com3
twitter.com3
news24.c1.is3
tryhackme.com3
attackerkb.com3
www.rapid7.com3
blog.qualys.com3
tweetedtimes.com3
us-cert.cisa.gov3
viz.greynoise.io3
www.cibertip.com3
www.lacework.com3
www.tarlogic.com3
www.volexity.com3
www.hackerone.com3
www.pwndefend.com3
www.trustwave.com3
blog.barracuda.com3
securityaffairs.co3
news.ycombinator.com3
www.securityweek.com3
polarisec.substack.com3
community.atlassian.com3
research.trendmicro.com3
securityforeveryone.com3
www.itsecuritynews.info3
confluence.atlassian.com3
ipssignatures.appspot.com3

Information from Twitter

User URL Info Source
ds_bryan bit.ly Show Tweet
ds_bryan twitter.com Show Tweet
msxfaq msxfaq.de Show Tweet
ipssignatures twitter.com Show Tweet
jojoginta medium.com Show Tweet
__kokumoto securityweek.com Show Tweet
netsecu seqrite.com Show Tweet

GitHub Search Results: Up to 10
NameURL
Nwqda/CVE-2022-26134 https://github.com/Nwqda/CVE-2022-26134
BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
jbaines-r7/through_the_wire https://github.com/jbaines-r7/through_the_wire
0x14dli/cve2022-26134exp https://github.com/0x14dli/cve2022-26134exp
h3v0x/CVE-2022-26134 https://github.com/h3v0x/CVE-2022-26134
SNCKER/CVE-2022-26134 https://github.com/SNCKER/CVE-2022-26134
SIFalcon/confluencePot https://github.com/SIFalcon/confluencePot
nxtexploit/CVE-2022-26134 https://github.com/nxtexploit/CVE-2022-26134
W01fh4cker/Serein https://github.com/W01fh4cker/Serein
iveresk/cve-2022-26134 https://github.com/iveresk/cve-2022-26134

GitHub Search Results: Up to 10
NameURL
Nwqda/CVE-2022-26134 github.com
BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL github.com
jbaines-r7/through_the_wire github.com
0x14dli/cve2022-26134exp github.com
h3v0x/CVE-2022-26134 github.com
SNCKER/CVE-2022-26134 github.com
SIFalcon/confluencePot github.com
nxtexploit/CVE-2022-26134 github.com
W01fh4cker/Serein github.com
iveresk/cve-2022-26134 github.com

2023/04/14 Score : 0
Added Har-sia Database : 2022/06/03
Last Modified : 2023/04/14
Highest Scored Date : 2022/06/04
Highest Score : 403