Atlassian Warns of Critical Zero-Day Vulnerability in Confluence Server and Data Center

Security researchers have found a critical vulnerability in Atlassian’s Confluence Server and Confluence Data Center. According to Atlassian, the zero-day vulnerability is actively being exploited.

All current versions of Confluence Server and Confluence Data Center are affected by the vulnerability, which allows attackers to remotely execute arbitrary code with the privileges of the application. There is no patch for the vulnerability at the time of writing. Volexity, the security company that discovered the vulnerability, advises companies to disable remote access to Confluence Server.

Atlassian reports that it is aware of the vulnerability and expects fixes for the supported versions of Confluence to be available to customers within 24 hours. Atlassian also advises users to disable remote access to Confluence Server and Confluence Data Center instances. Alternatively, the company suggests disabling these instances entirely until a fix is available.

According to the National Cyber Security Center, as far as is known, no proof of concept is circulating on the internet yet. Volexity describes how it discovered the vulnerability after a customer reported suspicious activity related to two web servers running Confluence Server. This shows that the vulnerability is already being abused in practice. The vulnerability has been designated CVE-2022-26134.

Confluence is software that enables teams to collaborate on projects online. Data Center runs on-premise and on cloud services such as Azure and AWS; Server is the more limited predecessor that Atlassian no longer sells or develops. Atlassian emphasizes that Confluence Cloud, where it takes care of the hosting itself, is not vulnerable.
