On June 2, Atlassian issued a security advisory regarding a newly discovered remote code execution (RCE) vulnerability in Confluence Server and Data Center (CVE-2022-26134). Atlassian rates the severity of this vulnerability as critical, and all supported versions of Confluence Server and Data Center are affected. Although there is currently no fix, Atlassian is working on one and expects to release it by EOD June 3. The research team at Volexity discovered and disclosed the vulnerability to Atlassian, but they are not releasing a PoC until a fix is available.
The ThreatX SOC is monitoring attacks and threat feeds to stay on top of the situation and protect customers. Our recommendation at this time is to block all access to hosted Confluence servers from the Internet, and we have been working with customers to do this. We will continue to monitor the situation and will be providing updates on our social media channels and details in this blog post.
Reach out to firstname.lastname@example.org if you have questions or need guidance.
1pm ET June 3 update: Atlassian has issued a temporary workaround while they continue to work on a patch. ThreatX SOC is continuing to monitor the situation and has seen and blocked attacks likely related to this vulnerability.
June 6 update: Fix now available. Atlassian has announced that this vulnerability is now being actively exploited, and has released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 which contain a fix for this issue.
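As an added example (not ThreatX's or Atlassian's code), a small Python check that classifies the Confluence version strings in a server inventory against the fixed releases listed above; the host names and versions are constructed, and reporting branches newer than 7.18 as "unknown" is an assumption, since the post does not cover them.

```python
import re

# Fixed releases from Atlassian's June 6 update, one per 7.x branch.
FIXED_VERSIONS = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]


def parse_version(text):
    """Turn 'major.minor.patch' into a comparable tuple of ints."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    return tuple(int(part) for part in match.groups())


# Map each branch (major, minor) to the first release of that branch with the fix.
FIXED_BY_BRANCH = {v[:2]: v for v in map(parse_version, FIXED_VERSIONS)}
NEWEST_LISTED_BRANCH = max(FIXED_BY_BRANCH)


def assess(version):
    """Classify one version as 'fixed', 'vulnerable' or 'unknown'.

    A version is 'fixed' only when it is at or above the fixed release of its own
    branch (assumption: later point releases of a fixed branch keep the fix).
    Branches with no listed fix (for example 7.5 to 7.12) and anything below
    7.4.17 are 'vulnerable'. Branches newer than the newest listed one are
    reported as 'unknown' because the advisory does not describe them.
    """
    parsed = parse_version(version)
    branch = parsed[:2]
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is not None:
        return "fixed" if parsed >= fixed else "vulnerable"
    if branch > NEWEST_LISTED_BRANCH:
        return "unknown"
    return "vulnerable"


def triage(inventory):
    """Return {host: status} for a {host: version} inventory."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; the host names and versions are made up.
    sample = {"wiki-a": "7.13.7", "wiki-b": "7.13.6", "wiki-c": "7.12.5",
              "wiki-d": "6.13.0", "wiki-e": "7.18.1"}
    for host, status in triage(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```

Hosts reported as "vulnerable" should stay blocked from the Internet, per the recommendation above, until they are upgraded to a fixed release.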