On June 2, 2022, Atlassian published a security advisory for CVE-2022-26134, a critical unauthenticated remote code execution vulnerability in Confluence Server and Confluence Data Center. The advisory initially confirmed Confluence Server 7.18.0 and Confluence Server and Data Center 7.4.0 and higher as affected; Atlassian subsequently confirmed that all supported versions of Confluence Server and Data Center are affected.
What is Atlassian?
Atlassian develops and sells a variety of collaboration tools for businesses, including Jira and Trello. Confluence Server and Confluence Data Center (the self-hosted deployments of Confluence) are teamwork products that organizations use to structure, organize and share work. Any company running a self-hosted Confluence instance may have been affected, because attackers were already exploiting the vulnerability in the wild when it was disclosed.
What is the impact of the vulnerability?
Atlassian rates the severity of this vulnerability as critical. It is an OGNL injection flaw reachable without authentication: an attacker who can send an HTTP request to a vulnerable Confluence Server or Data Center instance can execute arbitrary code on the server. Observed attacks used this to install web shells. A web shell is a hostile script dropped onto a web server that gives the attacker persistent remote command execution, which is then used to compromise the server further and launch additional attacks.
Atlassian’s Fix
The day following the advisory, on June 3, 2022, Atlassian released versions of Confluence Server and Data Center that contain a fix for this vulnerability. The fixed releases are 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1. Note that the fix is per release branch: a version on a branch with no fixed release (for example 7.5 through 7.12) must be upgraded to one of the fixed branches, not just to the newest patch of its own branch.
Atlassian recommends upgrading to the latest Long Term Support release as soon as possible. If you are unable to upgrade immediately, you can mitigate CVE-2022-26134 as a temporary workaround by replacing specific files on the server; the files differ by product version, and Atlassian's advisory gives separate instructions for Confluence 7.15.0 to 7.18.0 and for Confluence 7.0.0 to 7.14.2.
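The following script is an added example (not Measured's scanner and not Atlassian tooling) showing how to triage a Confluence version against the fix list above, including the branch caveat: a version on a branch that never received a fixed release is flagged as vulnerable even if it is the newest patch of that branch. It reads the version from the ajs-version-number meta tag that Confluence pages carry, which is useful for internal instances that an external scan cannot see. The sample HTML is constructed, and the /login.action path and User-Agent string in the network helper are assumptions for illustration; only run the network helper against hosts you are authorised to scan.

```python
"""Triage a Confluence Server/Data Center version against the CVE-2022-26134 fix list.

Added example, not Measured's scanner or Atlassian's own tooling. The fixed
releases come from Atlassian's June 2022 advisory; other assumptions are marked.
"""
import re
import urllib.request
from typing import Optional, Tuple

# Fixed releases from Atlassian's advisory, keyed by (major, minor) branch.
FIXED_BY_BRANCH = {
    (7, 4): (7, 4, 17),
    (7, 13): (7, 13, 7),
    (7, 14): (7, 14, 3),
    (7, 15): (7, 15, 2),
    (7, 16): (7, 16, 4),
    (7, 17): (7, 17, 4),
    (7, 18): (7, 18, 1),
}
# Branches newer than this (7.19 and up, 8.x) were released after the fix.
NEWEST_FIXED_BRANCH = max(FIXED_BY_BRANCH)

# Confluence pages expose the running version in this meta tag (e.g. on the login page).
_META_RE = re.compile(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', re.I)


def parse_version(text: str) -> Tuple[int, int, int]:
    """'7.18.0' -> (7, 18, 0); tolerant of suffixes such as '7.18.0-beta'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(version: str) -> bool:
    """True if this version predates the fix for its branch.

    Branches with no fixed release (7.0-7.3, 7.5-7.12) are vulnerable at every
    patch level and must be upgraded to a fixed branch.
    """
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch in FIXED_BY_BRANCH:
        return v < FIXED_BY_BRANCH[branch]
    return branch < NEWEST_FIXED_BRANCH


def extract_version(html: str) -> Optional[str]:
    """Pull the version string out of a Confluence HTML page, or None if absent."""
    m = _META_RE.search(html)
    return m.group(1) if m else None


def triage_html(html: str) -> Tuple[Optional[str], Optional[bool]]:
    """Return (version, vulnerable) for a fetched page; (None, None) if no version found."""
    version = extract_version(html)
    if version is None:
        return None, None
    return version, is_vulnerable(version)


def triage_host(base_url: str, timeout: float = 10.0) -> Tuple[Optional[str], Optional[bool]]:
    """Fetch a Confluence login page and triage it (assumed path and User-Agent).

    Only use against hosts you are authorised to scan.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + "/login.action",
        headers={"User-Agent": "confluence-version-triage"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return triage_html(resp.read().decode("utf-8", "replace"))


# Constructed sample: a fragment of what a vulnerable 7.18.0 login page contains.
SAMPLE_LOGIN_PAGE = """<html><head>
<meta name="ajs-version-number" content="7.18.0">
</head><body>Log in to Confluence</body></html>"""

if __name__ == "__main__":
    print(triage_html(SAMPLE_LOGIN_PAGE))  # ('7.18.0', True)
    for v in ("7.4.16", "7.4.17", "7.12.5", "7.13.7", "7.18.1", "7.19.0"):
        print(v, "VULNERABLE" if is_vulnerable(v) else "fixed")
```

The branch logic is the part worth keeping even if you replace the HTML scraping with your own inventory data: 7.12.5 is reported as vulnerable although it is the last release of its branch, while 7.4.17 is reported as fixed although it is numerically far below 7.12.5.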
What is Measured doing?
Since the announcement of this vulnerability, the team at Measured has worked quickly to build a detection capability for policyholders. We have run the new scanner against all Measured cyber security insurance policyholders, and we will contact every organization found running vulnerable versions of Confluence Server or Data Center.
I am a Measured Policyholder; how does this impact me?
If you have a Measured policy, please contact your broker or account representative, as they will be able to advise you on how to begin a remediation process with your organization’s IT team.
Please Note: Measured only has visibility into assets exposed to the internet, so we recommend that you also check whether any vulnerable Confluence instances are running inside your network.
Measured is Here to Help
Measured is standing by to answer any questions you may have. You can reach us directly at [email protected]