Atlassian Warns of Critical Zero-Day Vulnerability in Confluence Server and Data Center

Security researchers have found a critical vulnerability in Atlassian’s Confluence Server and Confluence Data Center. According to Atlassian, the zero-day vulnerability is being actively exploited.

All current versions of Confluence Server and Confluence Data Center are affected by the vulnerability, which allows an attacker to launch an exploit and remotely execute arbitrary code with application privileges. At the time of writing, there is no patch for the vulnerability. Volexity, the security company that discovered the vulnerability, advises companies to disable remote access to Confluence Server.

Atlassian is aware of the vulnerability and expects fixes for the supported versions of Confluence be available within 24 hours for customers. Atlassian also advises users to disable remote access to Confluence Server and Confluence Data Center instances. As an alternative, the company suggests disabling these instances altogether until a fix is ​​available.

According to the National Cyber ​​Security Center, as far as is known no proof of concept yet around the internet. Volexity describes how it discovered the vulnerability after a customer reported suspicious activity related to two web servers running Confluence Server. This shows that the leak is already being abused in practice. The vulnerability has been designated CVE-2022-26134.

Confluence is software that enables teams to collaborate on projects online. Data Center runs on-premise and on cloud services such as Azure and AWS; Server is the more limited predecessor that Atlassian no longer sells or develops further. Atlassian emphasizes that Confluence Cloud, for which it provides the hosting itself, is not vulnerable.