The Digital Trust Center (DTC) has warned the owners or network administrators of more than 300 vulnerable Atlassian Confluence systems, based on scan information obtained from the DIVD. The companies and administrators that were warned have been advised to install the available security updates to prevent exploitation of a vulnerability in this collaboration software.
The National Cyber Security Center (NCSC) reports that a large number of Proof-of-Concepts (PoCs) have now been published publicly. These PoCs describe how the vulnerability can be exploited, which increases the chance of abuse by malicious parties.
Not all vulnerable Atlassian Confluence systems can be traced back to an owner or network administrator by the DTC. The DTC therefore again draws attention to this vulnerability and advises installing the available Atlassian security updates as soon as possible.
Severe vulnerability
On June 7, the DTC reported that a serious vulnerability had been discovered in Atlassian's Confluence collaboration software, and that it is being actively exploited. The vulnerability, CVE-2022-26134, allows remote execution of arbitrary code without credentials. The NCSC has rated the vulnerability High/High, meaning there is a high chance that it will be abused and that the damage can be extensive if it is exploited.
An attacker can remotely execute arbitrary code on a vulnerable Atlassian Confluence server without needing credentials. Confluence servers are often accessible from the Internet, which increases the potential for abuse. Exploitation could lead to the leakage of sensitive information and, depending on the configuration, to a complete takeover of the server.
Security updates available
Atlassian has released security updates for the vulnerability in Confluence. The vendor indicates that at least all supported versions of Atlassian Confluence Server and Atlassian Confluence Data Center are vulnerable. For companies that use a Confluence site hosted on Atlassian Cloud, there is no evidence that it is vulnerable.
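A quick way to decide which self-hosted instances in an inventory still need the update is to compare each reported Confluence version against the fixed release for its own release line. The script below is an added example and is not from the DTC, the NCSC or Atlassian; the fixed-version list it carries is taken from Atlassian's advisory for CVE-2022-26134 rather than from this page, and should be checked against the current advisory before use. The inventory it processes is constructed for illustration.

```python
"""Check whether a Confluence Server / Data Center version string is at or
above the fixed version for its release line (CVE-2022-26134).

Added example; not code from the DTC, the NCSC or Atlassian.
"""
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions per release line as published in Atlassian's advisory for
# CVE-2022-26134. This list is NOT taken from the page above; verify it
# against the current advisory before relying on it.
FIXED_VERSIONS: Tuple[Version, ...] = (
    (7, 4, 17),
    (7, 13, 7),
    (7, 14, 3),
    (7, 15, 2),
    (7, 16, 4),
    (7, 17, 4),
    (7, 18, 1),
)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch'; anything else is rejected rather than guessed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fixed_version_for(version: Version) -> Optional[Version]:
    """Return the fixed release on the same major.minor line, if one exists."""
    for fixed in FIXED_VERSIONS:
        if fixed[:2] == version[:2]:
            return fixed
    return None


def needs_update(text: str) -> bool:
    """True if this version is affected and must be upgraded.

    Release lines without a fix entry that are older than the newest fixed
    line (for example 7.5 to 7.12, which Atlassian no longer supported) are
    treated as affected: there is no fixed release on that line, so the
    server must move to a line that has one. Lines newer than the newest
    fixed line are treated as fixed.
    """
    version = parse_version(text)
    fixed = fixed_version_for(version)
    if fixed is not None:
        return version < fixed
    newest = max(FIXED_VERSIONS)
    return version[:2] <= newest[:2]


def report(inventory):
    """Return (hostname, version, needs_update) for each inventory entry."""
    return [(host, ver, needs_update(ver)) for host, ver in inventory]


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample_inventory = [
        ("wiki-01.example.internal", "7.13.6"),
        ("wiki-02.example.internal", "7.13.7"),
        ("wiki-03.example.internal", "7.12.5"),
        ("wiki-04.example.internal", "7.18.1"),
    ]
    for host, ver, affected in report(sample_inventory):
        status = "UPDATE REQUIRED" if affected else "ok"
        print(f"{host:28} {ver:8} {status}")
```

Servers on an unsupported release line show as affected even though no patch exists for that line; the only remediation there is moving to one of the fixed lines. The script does not probe the servers themselves, so the version strings have to come from an inventory or from the instance's own administration pages.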