Addressing the Atlassian Confluence Vulnerability

PUBLISHED ON June 3, 2022
LAST UPDATED June 6, 2022

On June 2, Atlassian issued a security advisory regarding a newly discovered remote code execution (RCE) vulnerability in Confluence Server and Data Center (CVE-2022-26134). Atlassian rates the severity of this vulnerability as critical, and all supported versions of Confluence Server and Data Center are affected. Although there is currently no fix, Atlassian is working on one and expects to release it by EOD June 3. The research team at Volexity discovered and disclosed the vulnerability to Atlassian, but they are not releasing a PoC until a fix is available.

The ThreatX SOC is monitoring attacks and threat feeds to stay on top of the situation and protect customers. Our recommendation at this time is to block all access to hosted Confluence servers from the Internet, and we have been working with customers to do this. We will continue to monitor the situation and will be providing updates on our social media channels and details in this blog post.

Reach out to support@threatx.com if you have questions or need guidance.

1pm ET June 3 update: Atlassian has issued a temporary workaround while they continue to work on a patch. The ThreatX SOC is continuing to monitor the situation and has seen and blocked attacks likely related to this vulnerability.

June 6 update: A fix is now available. Atlassian has announced that this vulnerability is now being actively exploited, and has released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1, which contain a fix for this issue.
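One way to turn the list of fixed releases above into an inventory check, so an operator can tell at a glance which Confluence instances still need the upgrade. This is an added example, not ThreatX's or Atlassian's code; it assumes versions are written as major.minor.patch and that releases newer than 7.18.1 also contain the fix (the advisory only names the versions listed above).

```python
"""Classify an installed Confluence Server/Data Center version against the
CVE-2022-26134 fixed releases named in Atlassian's June 6 advisory."""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the advisory, keyed by (major, minor) branch.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (7, 4): (7, 4, 17),
    (7, 13): (7, 13, 7),
    (7, 14): (7, 14, 3),
    (7, 15): (7, 15, 2),
    (7, 16): (7, 16, 4),
    (7, 17): (7, 17, 4),
    (7, 18): (7, 18, 1),
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' such as '7.13.6'; a missing patch counts as 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def fmt(ver: Version) -> str:
    return ".".join(str(n) for n in ver)


def assess(version: str) -> Tuple[bool, str]:
    """Return (has_fix, advice) for one installed version string."""
    ver = parse_version(version)
    fixed = FIXED_VERSIONS.get(ver[:2])
    if fixed is not None:
        # Same branch as a fixed release: compare patch level within the branch.
        if ver >= fixed:
            return True, f"{version} is at or above fixed release {fmt(fixed)}"
        return False, f"upgrade {version} to {fmt(fixed)} or later"
    newest_fixed = max(FIXED_VERSIONS.values())
    if ver > newest_fixed:
        # Assumption: releases after the newest listed fix also carry the fix.
        return True, f"{version} is newer than {fmt(newest_fixed)} (assumed fixed)"
    # Older branch with no fixed release listed: move to a fixed branch.
    return False, f"{version} has no fixed release on its branch; upgrade to a fixed version"
```

Run `assess()` over each host's reported version from your asset inventory; anything returning `False` is still exposed and should stay blocked from the Internet until upgraded.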

About the Author

Neil Weitzel

Neil is the Manager of the ThreatX Security Operations Center and is located in Boston, MA. He has 15 years of experience working in various roles, from user support to leading security programs. Neil has profound experience in security architecture and cybersecurity best practices, which helps him provide valuable insight to security teams. Before ThreatX, Neil worked with organizations such as Cognizant as an Application Security Architect, Cigital (now Synopsys) as their Practice Director of Vulnerability Assessments, and EIQ Networks (now Cygilant) as their Director of Security Research. Neil also served as a Cybersecurity Instructor and delivered numerous Security and Defensive Programming courses to various clients such as NASA and PayPal. He is an active member of the security community and has delivered lectures at DEF CON, OWASP and local security meetups. Neil also acts as an adjunct lecturer on Software Engineering at his alma mater, Indiana University.