Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting all Confluence Servers and Data Centers.
Atlassian has confirmed that all supported versions of Confluence Server and Data Center are affected; however, currently, there are no fixed versions of the products available.
The security advisory was released after security researchers from Volexity discovered the vulnerability while conducting an incident response investigation to one of its customers during the Memorial Day weekend. The investigation involved two internet-facing web servers running Atlassian Confluence Server software.
The root cause analysis showed that a zero-day exploit had been used that allowed unauthenticated remote code execution on the servers. Such vulnerabilities are extremely dangerous as attackers can execute commands and gain full control of the system without credentials.
Atlassian is working with the highest priority to issue a fix claiming that a security fix will be available within 24 hours. It is strongly recommended to restrict access to Confluence Server and Data Center from the internet or shut down the servers until then.
For additional information on this topic, click here.