CVE-2022-26134

Description from NVD

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Information Acquisition Date:2022-07-06T14:54Z
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://jira.atlassian.com/browse/CONFSERVER-79016
     source:MISC
     tags:Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
     source:MISC
     tags:

This vulnerability may involve a PoC.

Description from Forti

Atlassian Confluence Remote Code Execution via OGNL Injection

Information Acquisition Date:2022/06/10

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Android(1 tweets) Apache(1 tweets) Apple(1 tweets) BIG-IP(1 tweets) Java(20 tweets) Linux(17 tweets) MySQL(1 tweets) Oracle(1 tweets) PHP(3 tweets) Tomcat(3 tweets) VPN(6 tweets) Weblogic(6 tweets) Windows(14 tweets) Wordpress(82 tweets) iOS(2 tweets)

List of frequently cited URLs

URLNum of Times Referred to
https://confluence.atlassian.com/doc/confluence-security-ad...63
http://twinybots.ch54
https://cvetrends.com54
https://www.rapid7.com/blog/post/2022/06/02/active-exploita...43
http://cyberiqs.com/latestnews39
https://securityaffairs.co/wordpress/131909/hacking/atlassi...32
https://lists.astaro.com/ASGV9-IPS-rules.html#027
https://medium.com23
https://www.greynoise.io/blog/observed-in-the-wild-atlassia...17
https://www.jpcert.or.jp/at/2022/at220015.html13
https://www.volexity.com/blog/2022/06/02/zero-day-exploitat...13
https://www.helpnetsecurity.com/2022/06/03/cve-2022-2613412
https://viz.greynoise.io/tag/atlassian-confluence-server-cv...11
https://us-cert.cisa.gov/ncas/current-activity/2022/06/02/a...10
https://thehackernews.com/2022/06/hackers-exploiting-unpatc...10
https://www.splunk.com/en_us/blog/security/atlassian-conflu...9
https://ift.tt/Nqwcbni8
https://opsmtrs.com/326Reu88
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/0...8
https://blog.cloudflare.com/cloudflare-customers-are-protec...8
https://sysdig.com/blog/cve-2022-26134-atlassian-confluence7
https://tryhackme.com/room/cve2022261347
https://www.lacework.com/blog/kinsing-dark-iot-botnet-among...7
https://wiki6
http://www.kitploit.com/2022/06/confluencepot-simple-honeyp...6
https://www.pwndefend.com/2022/06/03/cve-2022-26134-conflue...6
https://unit42.paloaltonetworks.com/cve-2022-26134-atlassia...6
http://t.me/gobies5
https://bugalert.org/content/notices/2022-06-02-confluence....5
https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rap...5
https://blog.trendmicro.co.jp/archives/314315
https://noticiasseguridad.com/vulnerabilidades/cve-2022-261...5
https://securityboulevard.com/2022/06/imperva-customers-are...5
https://github.com/offlinehoster/CVE-2022-261344
https://community.atlassian.com/t5/Enterprise-articles/Are-...4
https://packetstormsecurity.com/files/1674314
https://www.bleepingcomputer.com/news/security/exploit-rele...4
https://bit.ly/3Qul9ky3
http://go.usa.gov/xJWGw3
https://twitter.com/hackinglz/status/15324809053353451523
https://blog.qualys.com/vulnerabilities-threat-research/202...3
https://tweetedtimes.com/WestShoreInvest?s=tnp3
https://www.tarlogic.com/blog/cve-2022-26134-zero-day-vulne...3
https://www.hackerone.com/application-security/severe-confl...3
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-...3
https://news.ycombinator.com/item?id=316528893
https://www.securityweek.com/atlassian-patches-confluence-z...3
https://polarisec.substack.com/p/all-polaris-customers-are-...3
https://securityforeveryone.com/tools/confluence-remote-cod...3
https://www.itsecuritynews.info/cisa-adds-one-known-exploit...3
https://ipssignatures.appspot.com/?cve=CVE-2022-261343

▼ Show Information from Twitter(2033)

List of frequently cited URLs

URLNum of Times Referred to
confluence.atlassian.com63
twinybots.ch54
cvetrends.com54
www.rapid7.com43
cyberiqs.com39
securityaffairs.co32
lists.astaro.com27
medium.com23
www.greynoise.io17
www.jpcert.or.jp13
www.volexity.com13
www.helpnetsecurity.com12
viz.greynoise.io11
us-cert.cisa.gov10
thehackernews.com10
www.splunk.com9
ift.tt8
opsmtrs.com8
www.cisa.gov8
blog.cloudflare.com8
sysdig.com7
tryhackme.com7
www.lacework.com7
wiki6
www.kitploit.com6
www.pwndefend.com6
unit42.paloaltonetworks.com6
t.me5
bugalert.org5
attackerkb.com5
blog.trendmicro.co.jp5
noticiasseguridad.com5
securityboulevard.com5
github.com4
community.atlassian.com4
packetstormsecurity.com4
www.bleepingcomputer.com4
bit.ly3
go.usa.gov3
twitter.com3
blog.qualys.com3
tweetedtimes.com3
www.tarlogic.com3
www.hackerone.com3
www.trustwave.com3
news.ycombinator.com3
www.securityweek.com3
polarisec.substack.com3
securityforeveryone.com3
www.itsecuritynews.info3
ipssignatures.appspot.com3

▼ Show Information from Twitter(2033)