The Cyber Security News

Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild

June 4, 2022

Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that has come under active exploitation by threat actors to achieve remote code execution.

Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084, another security flaw the Australian software company patched in August 2021.

Both relate to a case of Object-Graph Navigation Language (OGNL) injection that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance.

The newly discovered flaw impacts all supported versions of Confluence Server and Data Center, with every version after 1.3. also affected. It has been resolved in the following versions:

  • 7.4.17
  • 7.13.7
  • 7.14.3
  • 7.15.2
  • 7.16.4
  • 7.17.4
  • 7.18.1
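
As an added example (not code from Atlassian or from the original article), the Python below checks inventoried Confluence versions against the fixed releases listed above and names the upgrade target for each vulnerable host. The hostnames and inventory are constructed, treating release lines newer than 7.18 as fixed is an assumption, and the lower bound of the affected range is not modelled.

```python
import re

# Fixed releases from the list above, keyed by (major, minor) release line.
FIXED = {(7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
         (7, 16): 4, (7, 17): 4, (7, 18): 1}
NEWEST_FIXED_LINE = max(FIXED)


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into an integer tuple; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)


def assess(version):
    """Return (status, upgrade_target) for one Confluence version string."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED:
        if patch >= FIXED[line]:
            return "patched", None
        return "vulnerable", f"{major}.{minor}.{FIXED[line]}"
    if line > NEWEST_FIXED_LINE:
        # Assumption: release lines after 7.18 ship with the fix included.
        return "patched", None
    # No fixed build exists on this line: point at the next fixed line up.
    target = min(l for l in FIXED if l > line)
    return "vulnerable", f"{target[0]}.{target[1]}.{FIXED[target]}"


def triage(inventory):
    """Map host -> (status, target); unparseable versions need manual review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = assess(version)
        except ValueError:
            report[host] = ("review", None)
    return report


# Constructed inventory for illustration (hypothetical hosts).
SAMPLE = {"wiki-a.example.internal": "7.13.6", "wiki-b.example.internal": "7.18.1",
          "wiki-c.example.internal": "7.12.5", "wiki-d.example.internal": "unknown"}

if __name__ == "__main__":
    for host, (status, target) in triage(SAMPLE).items():
        print(f"{host}: {status}" + (f" -> upgrade to {target}" if target else ""))
```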

According to statistics from internet asset discovery platform Censys, there are about 9,325 services across 8,347 unique hosts running a vulnerable version of Atlassian Confluence, with most instances located in the U.S., China, Germany, Russia, and France.

Evidence of active exploitation of the flaw, likely by attackers of Chinese origin, came to light after cybersecurity firm Volexity discovered the flaw over the Memorial Day weekend in the U.S. during an incident response investigation.

“The qualified industries/verticals are quite widespread,” Steven Adair, founder and president of Volexity, said in a series of tweets. “This is an absolutely free-for-all where the exploitation appears to be coordinated.”

“It is crystal clear that numerous danger teams and specific actors have the exploit and have been using it in distinct methods. Some are rather sloppy and other individuals are a little bit extra stealth.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), besides adding the zero-day bug to its Known Exploited Vulnerabilities Catalog, has also urged federal agencies to immediately block all internet traffic to and from the affected products and either apply the patches or remove the instances by June 6, 2022, 5 p.m. ET.

Some parts of this article are sourced from:
thehackernews.com
