Atlassian on Friday released fixes to address a critical security vulnerability affecting its Confluence Server and Data Center products that was being actively exploited by threat actors to achieve remote code execution.
Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084, another security hole that the Australian software company patched in August 2021.
Both involve an Object-Graph Navigation Language (OGNL) injection flaw that can be exploited to execute arbitrary code on a Confluence Server or Data Center instance.
The newly discovered shortcoming affects all supported versions of Confluence Server and Data Center, with any version after 1.3.0 also affected. It has been resolved in the following versions:
7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1.
According to statistics from internet asset discovery platform Censys, there are approximately 9,325 services on 8,347 separate servers running vulnerable versions of Atlassian Confluence, with most instances located in the US, China, Germany, Russia and France.
Evidence of active exploitation of the vulnerability, possibly by attackers of Chinese origin, came to light after network security company Volexity discovered the flaw over Memorial Day weekend in the US during an incident response investigation.
Steven Adair, founder and president of Volexity, said in a series of tweets: “Targeted industries/verticals are quite common. This is a free-for-all, where exploitation seems to be coordinated.”
“It is clear that many threat groups and individual actors have exploited and used it in different ways. Some are quite sloppy and others are a bit more stealthy.”
The US Cybersecurity and Infrastructure Security Agency (CISA), in addition to adding the zero-day bug to its Known Exploited Vulnerabilities catalog, has also called on federal agencies to immediately block all internet traffic to and from affected products and to either apply the patches or remove the affected instances by 5 p.m. ET on June 6, 2022.