Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild

News

Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution.

Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021.

Both relate to a case of Object-Graph Navigation Language (OGNL) injection that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance.

CyberSecurity

The newly discovered shortcoming impacts all supported versions of Confluence Server and Data Center, with every version after 1.3.0 also affected. It’s been resolved in the following versions –

  • 7.4.17
  • 7.13.7
  • 7.14.3
  • 7.15.2
  • 7.16.4
  • 7.17.4
  • 7.18.1

According to stats from internet asset discovery platform Censys, there are about 9,325 services across 8,347 distinct hosts running a vulnerable version of Atlassian Confluence, with most instances located in the U.S., China, Germany, Russia, and France.

Evidence of active exploitation of the flaw, likely by attackers of Chinese origin, came to light after cybersecurity firm Volexity discovered the flaw over the Memorial Day weekend in the U.S. during an incident response investigation.

CyberSecurity

“The targeted industries/verticals are quite widespread,” Steven Adair, founder and president of Volexity, said in a series of tweets. “This is a free-for-all where the exploitation seems coordinated.”

“It is clear that multiple threat groups and individual actors have the exploit and have been using it in different ways. Some are quite sloppy and others are a bit more stealth.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), besides adding the zero-day bug to its Known Exploited Vulnerabilities Catalog, has also urged federal agencies to immediately block all internet traffic to and from the affected products and either apply the patches or remove the instances by June 6, 2022, 5 p.m. ET.

Products You May Like

Articles You May Like

Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks
Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP
Spyware Maker NSO Group Liable for WhatsApp User Hacks
CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Leave a Reply

Your email address will not be published. Required fields are marked *